rhsa-2024_2639
Vulnerability from csaf_redhat
Published
2024-05-01 02:44
Modified
2024-12-10 16:52
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.15 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.15 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
* jose-go: improper handling of highly compressed data (CVE-2024-28180)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.7.15 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n\n* jose-go: improper handling of highly compressed data (CVE-2024-28180)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:2639", "url": "https://access.redhat.com/errata/RHSA-2024:2639" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "2268854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2639.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.15 security and bug fix update", "tracking": { "current_release_date": "2024-12-10T16:52:26+00:00", "generator": { "date": "2024-12-10T16:52:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:2639", "initial_release_date": "2024-05-01T02:44:36+00:00", "revision_history": [ { "date": "2024-05-01T02:44:36+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-05-01T02:44:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-10T16:52:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.7", "product": { "name": "8Base-RHMTC-1.7", "product_id": 
"8Base-RHMTC-1.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.7::el8" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "product": { "name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "product": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "product_id": 
"rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.15-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.15-10" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "product": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.15-7" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "product": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.15-10" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "product": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.15-12" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", 
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.15-9" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "product_id": 
"rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.15-8" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.15-9" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64" }, "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": 
"rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64" }, "product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64" }, "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64 as a component of 8Base-RHMTC-1.7", "product_id": 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64" }, "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64" }, "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64" }, "product_reference": 
"rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64" }, "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": 
"rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": 
"rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64 as a component of 8Base-RHMTC-1.7", "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64", "relates_to_product_reference": "8Base-RHMTC-1.7" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-24786", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-03-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268046" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64" ], "known_not_affected": [ 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-24786" }, { "category": "external", "summary": "RHBZ#2268046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786", "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "category": "external", "summary": "https://go.dev/cl/569356", "url": "https://go.dev/cl/569356" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-2611", "url": "https://pkg.go.dev/vuln/GO-2024-2611" } ], "release_date": "2024-03-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-01T02:44:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2024:2639" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON" }, { "cve": "CVE-2024-28180", "cwe": { "id": 
"CWE-409", "name": "Improper Handling of Highly Compressed Data (Data Amplification)" }, "discovery_date": "2024-03-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2268854" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.", "title": "Vulnerability description" }, { "category": "summary", "text": "jose-go: improper handling of highly compressed data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-28180" }, { "category": "external", "summary": "RHBZ#2268854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180", "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180" }, { "category": "external", "summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g", "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g" } ], "release_date": "2024-03-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-05-01T02:44:36+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:2639" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jose-go: improper handling of highly compressed data" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.