rhsa-2024_4631
Vulnerability from csaf_redhat
Published
2024-07-18 17:11
Modified
2024-12-11 22:29
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.15 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.15 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.15 release is based on Eclipse Che 7.88 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:4631",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.15/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-3064",
"url": "https://access.redhat.com/security/cve/CVE-2022-3064"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-21698",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-28948",
"url": "https://access.redhat.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-46175",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-6378",
"url": "https://access.redhat.com/security/cve/CVE-2023-6378"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39325",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-41080",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-45288",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-45648",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "CRW-6593",
"url": "https://issues.redhat.com/browse/CRW-6593"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4631.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release",
"tracking": {
"current_release_date": "2024-12-11T22:29:29+00:00",
"generator": {
"date": "2024-12-11T22:29:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:4631",
"initial_release_date": "2024-07-18T17:11:22+00:00",
"revision_history": [
{
"date": "2024-07-18T17:11:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-18T17:11:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-11T22:29:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product": {
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product_id": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product": {
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product_id": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product_id": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product_id": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product": {
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product_id": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.15-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product_id": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product_id": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product_id": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product": {
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product_id": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product": {
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product_id": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product": {
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product_id": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product": {
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product_id": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product": {
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product_id": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product_id": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product_id": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product_id": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product_id": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product_id": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product": {
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product_id": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product": {
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product_id": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product": {
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product_id": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product": {
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product_id": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product": {
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product_id": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product_id": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.15-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product": {
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product_id": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.15-15"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product_id": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product_id": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.15-26"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product_id": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.15-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product_id": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.15-10"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product": {
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product_id": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.15-3"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product": {
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product_id": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.15-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product": {
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product_id": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.15-5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le"
},
"product_reference": "devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64"
},
"product_reference": "devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x"
},
"product_reference": "devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x"
},
"product_reference": "devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64"
},
"product_reference": "devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
},
"product_reference": "devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
},
"product_reference": "devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x"
},
"product_reference": "devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
},
"product_reference": "devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64"
},
"product_reference": "devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x"
},
"product_reference": "devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64"
},
"product_reference": "devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x"
},
"product_reference": "devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64"
},
"product_reference": "devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
},
"product_reference": "devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64"
},
"product_reference": "devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x"
},
"product_reference": "devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le"
},
"product_reference": "devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x"
},
"product_reference": "devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64"
},
"product_reference": "devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"relates_to_product_reference": "8Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
},
"product_reference": "devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le",
"relates_to_product_reference": "8Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3064",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-01-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2163037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3064"
},
{
"category": "external",
"summary": "RHBZ#2163037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r",
"url": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5",
"url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4",
"url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-0956",
"url": "https://pkg.go.dev/vuln/GO-2022-0956"
}
],
"release_date": "2022-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-28948",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-05-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2088748"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-gopkg-yaml: crash when attempting to deserialize invalid input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has designated the CVE rating as \u0027moderate\u0027 as exploitation of Red Hat products is contingent upon the attacker being authenticated when sending the malicious XML payload.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "RHBZ#2088748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28948"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq",
"url": "https://github.com/advisories/GHSA-hp87-p4gw-j4gq"
}
],
"release_date": "2022-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-gopkg-yaml: crash when attempting to deserialize invalid input"
},
{
"cve": "CVE-2022-46175",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156263"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json5: Prototype Pollution in JSON5 via Parse Method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "RHBZ#2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
"url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
}
],
"release_date": "2022-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json5: Prototype Pollution in JSON5 via Parse Method"
},
{
"cve": "CVE-2023-6378",
"cwe": {
"id": "CWE-499",
"name": "Serializable Class Containing Sensitive Data"
},
"discovery_date": "2023-11-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252230"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the logback package, where it is vulnerable to a denial of service caused by a serialization flaw in the receiver component. By sending specially crafted poisoned data, a remote attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "logback: serialization vulnerability in logback receiver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Logback package vulnerability, posing a risk of denial-of-service through a serialization flaw in its receiver component, is considered a moderate issue due to its potential impact on system availability. While denial-of-service vulnerabilities can be disruptive, the severity is tempered by the fact that they generally do not result in unauthorized access or data compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6378"
},
{
"category": "external",
"summary": "RHBZ#2252230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6378"
}
],
"release_date": "2023-11-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "logback: serialization vulnerability in logback receiver"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-10-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243749"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: incorrectly parsed http trailer headers can cause request smuggling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The request smuggling is not guaranteed to have relevant information within every request and the scenario behind a reverse proxy which fails to handle the request too is necessary, hence the Moderate impact.\n\nThe Red Hat AMQ Broker team removed any tomcat dependencies in version 7.11.3. Please refer to https://errata.devel.redhat.com/advisory/121941.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"known_not_affected": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45648"
},
{
"category": "external",
"summary": "RHBZ#2243749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45648",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45648"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-18T17:11:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "workaround",
"details": "No mitigation is currently available for this flaw.",
"product_ids": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:14df338acf7e3bbdcbb79bd66b063900a655d5dc920862e0fe67262e457bfae8_ppc64le",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:be39b6b16ef2a5e88d4650b0f2cb1e8e4c3cacbdb67a59b443255e857460b885_amd64",
"8Base-RHOSDS-3:devspaces/code-rhel8@sha256:dd6aafc88aeab0ee3c7ee706540d4022a6d860c68b4cbec1bdf3990092b2bcbf_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:1e109e2572b3db1610ae07c1580837fc03813927ab8230f06a452ea51e4ea1fd_s390x",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:7ad719f34df4ff6ca4afc67610c616f1ab5961be60a7e80d7e35af3374dc2a2e_amd64",
"8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:f0cf2be9026fed74449daf382907d5014cc72998be0edb32a3aeb150754030ea_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:0c402a60f316d48868cfb3d5459ed56222fd56a10562a4db6c09155f9e2be2ea_s390x",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:aa078d91d3c80ab437ccb49b8470947abc9b66bf98b77e7e0ecf5271a6e075ab_ppc64le",
"8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:f227e2cef7b8cd6b937db379b4dc5463fa73e511400ad64f010081be577d809c_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:762b66d0ee13db9d168a022e31180145dd4ec20eb5cdbfcb48510e44173f8553_amd64",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:8d07c15f234a996673c6910ecd93adc9289b7e0d85de664713b958b4150b3852_ppc64le",
"8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:ef41ab671a633299a1db5d5f3bc72c59f4d8b6e126c8635be5e650c8547b4eae_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:2a2f31bacc803a8260da6cd3a61ad71cbb00cf2e521854def145b3d0bec0b055_amd64",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d92439b4f42e8a320d6bf6fe923370082a92c8a183bdecbef8038b07a00c283_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:aaf36bb82765cd95324c84442cd9deb54c27469d6726ca248f1aeef7b3f06fab_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:75b1429db0482dfe108a7fbbed1abefb24f4cd7b35e4bb0d57f32c1973ec883b_s390x",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:948252e9ecb6a058a7ba116f7e018134f0a9548e5dacffc10d4248050268d5b3_ppc64le",
"8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:9781322614ad47a9d75dc7c87581dd3789f78992ec9eb91833e86061e7ea1f91_amd64",
"8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5ac4fdd00b0d1436115f2fda0a777b9f4ae99866cbf8fa99dddaad21888eeb18_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:760021d9a555390d69e76f6dab0ce0c2694001aef3a8b44384bd8e9bf96171e1_amd64",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:8101bdc3676ad5a1f832a46179a0225349af8cdab2a1a285ab173192082d93ae_ppc64le",
"8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a02ae8ff331b3be77e6f48a5faa0e1c13b1203242edca7e4a2e1cfb83df3e6da_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:7d367fef16f3968243fc47927515a0ee1313ac5169c5a7769b701d47409bec88_ppc64le",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:9f9d815327b731738f690d65c89b86c3128457c2d4447141a0e4f42bd52096fd_s390x",
"8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:f6852cf501751523954574a97e68c543b16c58b77fc6061954fc95e94977d2bf_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:06a15178e2f20d56fac5e13cad9fcc1ae7316789e34115a2504c4a07580f19f5_amd64",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:4141f892f6cd45a9e85f6a4ed7e63e061749ee0ae283b02447be603cafedacad_ppc64le",
"8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:e23dc02966b044bf52d27d98e4ed4873dbfb2a5ce92c6d82e98a6c45fa298b39_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:3be3bc2226f6719f8227709ea13626bee7135d1dc0d64aa4d8ee4ef6e8bb60df_s390x",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:b6912aa0c1717be5d0e69c31e94e834abe1307d5e8132345af89a923d5b687ce_amd64",
"8Base-RHOSDS-3:devspaces/server-rhel8@sha256:d0ae2f24410876f45670107480e10d98b59e08cac3561095f86dfdda1d759b78_ppc64le",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:9fada42916b4e04c8c8ff7bb3cd8ce0976862d15de7c7225ee41366f790338a1_amd64",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:a5d8bb3e4fbdda212ae48e298f47daf9b02cd78ccf6ce85087b62e96ee80cb6d_s390x",
"8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c9e21c99f25869dcf79aa5844499492f21b98905fcb1f1832470acc445c28c87_ppc64le",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:b4112466adc8ec304859d4ed70fbe7c51d77abce884c19f742356b4d64f3c3ee_s390x",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:d407cd42cfe5c6100d67552bcb39923bb665a17e7c5004d387a59bfef9a1bb83_amd64",
"8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:fa9863eac8f11e6dd6685cd7b5ab28bb6ca3f708c874724ed894b49d4a267179_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: incorrectly parsed http trailer headers can cause request smuggling"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.