RHSA-2024:6209
Vulnerability from csaf_redhat - Published: 2024-09-03 10:04 - Updated: 2026-03-24 17:15Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.10 security update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Service Mesh Containers for 2.4.10
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
Security Fix(es):
* axios: Server-Side Request Forgery (CVE-2024-39338)
* elliptic: nodejs/elliptic: From NVD collector (CVE-2024-42459)
* ECDSA signature malleability due to missing checks (CVE-2024-42460)
* ECDSA implementation malleability due to BER-enconded signatures being allowed (CVE-2024-42461)
* jose-go: improper handling of highly compressed data (CVE-2024-28180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
4.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2024:6209
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2024:6209
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn't properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2024:6209
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Elliptic NodeJS package where it fails to properly verify the leading bit for the R and S values used in the ECDSA signature. This issue may lead to a scenario where an attacker can modify the signature without the Elliptic library being able to properly reject it, causing data confidentiality issues.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2024:6209
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Elliptic package for Node.js. ECDSA signatures encoded in BER format are improperly validated, allowing leading zeros to be added to the signature without invalidating it, resulting in confidentiality issues.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2024:6209
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh Containers for 2.4.10\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n* axios: Server-Side Request Forgery (CVE-2024-39338)\n* elliptic: nodejs/elliptic: From NVD collector (CVE-2024-42459)\n* ECDSA signature malleability due to missing checks (CVE-2024-42460)\n* ECDSA implementation malleability due to BER-enconded signatures being allowed (CVE-2024-42461)\n* jose-go: improper handling of highly compressed data (CVE-2024-28180)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:6209",
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6209.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.10 security update",
"tracking": {
"current_release_date": "2026-03-24T17:15:36+00:00",
"generator": {
"date": "2026-03-24T17:15:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:6209",
"initial_release_date": "2024-09-03T10:04:55+00:00",
"revision_history": [
{
"date": "2024-09-03T10:04:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-03T10:04:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-24T17:15:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.4 for RHEL 8",
"product": {
"name": "RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.15-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.10-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.15-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.10-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.15-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.10-3"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.15-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.10-4"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.10-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.10-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64 as a component of RHOSSM 2.4 for RHEL 8",
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28180",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268854"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose-go: improper handling of highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "RHBZ#2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
}
],
"release_date": "2024-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose-go: improper handling of highly compressed data"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
},
{
"cve": "CVE-2024-42459",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2024-08-02T07:20:12+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn\u0027t properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42459"
},
{
"category": "external",
"summary": "RHBZ#2302458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42459"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check"
},
{
"cve": "CVE-2024-42460",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2024-08-02T07:20:14+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Elliptic NodeJS package where it fails to properly verify the leading bit for the R and S values used in the ECDSA signature. This issue may lead to a scenario where an attacker can modify the signature without the Elliptic library being able to properly reject it, causing data confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42460"
},
{
"category": "external",
"summary": "RHBZ#2302459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42460"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: ECDSA signature malleability due to missing checks"
},
{
"cve": "CVE-2024-42461",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2024-08-02T07:20:17+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2302460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Elliptic package for Node.js. ECDSA signatures encoded in BER format are improperly validated, allowing leading zeros to be added to the signature without invalidating it, resulting in confidentiality issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was found in the elliptic npm package, it is an Improper Verification of Cryptographic Signature that occurs because the library accepts non-strictly BER-encoded signatures.This allows an attacker to create another valid signature for the same message, which may cause issues in systems that rely on unique signatures for identifying transactions.The overall impact on confidentiality is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-42461"
},
{
"category": "external",
"summary": "RHBZ#2302460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m",
"url": "https://github.com/advisories/GHSA-49q7-c7j4-3p7m"
},
{
"category": "external",
"summary": "https://github.com/indutny/elliptic/pull/317",
"url": "https://github.com/indutny/elliptic/pull/317"
}
],
"release_date": "2024-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-03T10:04:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:a22d6479a42218465760a1d69698becc8f9a52611b94dca2b0e6e6c4cd1f57e9_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:ad11189a25220c34fb540897fb45cf249594e7620c289bbe96bff12503ad93b2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:bd78beca1f12e74496b8e50d102706a69fdb6761e5d27542ed215dffdeeda040_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:dcb3244a1174038bf6a15f5fa2af049051bc081a7954b5158d01ca62c1f4612c_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:34cde6f9ac5e0daabedd72d92bb7174f235f3788a5cd0da61ea02a4ed401d4c4_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:3b7c8f8ae92239b749c9cf2ac8eefcddc1709228fba062c13c1f08b5ada8948d_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:56eccfed504f353e9d93bcce4831454f78b42c22468c8c76bbd9f301db0302a0_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:8695969f7b7249befc05a5aa21872db62b62ce1d666dcbc46b413abaea1c8896_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1174fe7492b61515788099876e47cf1ff1bc9f4acbd546bba11542d28d5633dd_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:5f4eeee81cf9de99fa94f3a30c18f16c8fb1d79f4758c7b558c7585f4d779459_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:b427b91446551d74f5602b6e644101f560885e580ca1e75dca38b752c031e7a6_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:dc3c46edf33bb7ce827f6bec3bc76a6381346e053471984fd0dec127284079e2_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3b7c60376ce1df8a387f55e5f5d97778b0d7d4df7def6ac47fb4b1be8e38a20d_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:79f483dd161ee51e237eeb8f6c2b782fa4ffa01a63976529e09f5d43dfd4b705_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:b6294ac85755654fb6091a5d2b8456713279c263c9dbfac440ab0e6e41b40c35_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:bb7c59c89be24d5a763dee70bf1895175c8f14b8125774a6d6d7938ab164df6d_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:24eedaba1a0848d04af90278aaaba1a2790231d7049ed39047768ceed591f806_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:616faca6fd7684383ce8df2ffe0e0e72d397ff86a96a90096fa9bbb707736a64_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:d63b3d2356e504ed5e63fee770e71405e9efebaa0687ff95c72087755eb63445_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:dce09ee679578ab559f925bb6bc17746f71f38a5809bdebe2a22d548b1055345_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52bfe29d4b87e59e34de3620a9c78e2a964d81c91fe94bca2a4e6b5ae6773ab0_amd64",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:6968e0f1a5034efb7c86248153573a3403ea8f7da1aaaa6cc2ee815a32958ee2_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:7e82f3597adb81ea86f8aaba8f7352bf20d5f533f948e5c86723871cb369e721_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e63be81ffec6b125ae15a64b39c950e8b6d94c71fb3ebf3e59c36fd6a8708cd7_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:8b3c1cfa497893afa13413040ace41560f542136bfcc29fc4672527e646a385b_ppc64le",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:930d626158c0affcb82bd8f7ec27750b6cd58ff136498c806ecb9f01b59dd697_s390x",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:b23e1cdef09c9ec88d48969666b7646068cc811e0b9dc6f16df08ba372764ce6_arm64",
"8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:ecf11409a26b7623eeb2d6a9928da13ef992e7d4e2cd9743b20a5a1a6412eb8e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "elliptic: nodejs/elliptic: ECDSA implementation malleability due to BER-enconded signatures being allowed"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…