rhsa-2025:17376
Vulnerability from csaf_redhat
Published: 2025-10-06 13:05
Modified: 2025-10-23 20:37
Summary
Red Hat Security Advisory: Red Hat build of Cryostat 4.0.3: new RHEL 9 container image security update
Notes
Topic
New Red Hat build of Cryostat 4.0.3 on RHEL 9 container images are now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Cryostat 4 on RHEL 9 container images have been updated to fix several bugs.
Users of Cryostat 4 on RHEL 9 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
Security Fix(es):
* tar-fs: tar-fs symlink validation bypass (CVE-2025-59343)
You can find images updated by this advisory in the Red Hat Container Catalog (see the References section).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat build of Cryostat 4.0.3 on RHEL 9 container images are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Cryostat 4 on RHEL 9 container images have been updated to fix several bugs.\n\nUsers of Cryostat 4 on RHEL 9 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nSecurity Fix(es):\n\n* tar-fs: tar-fs symlink validation bypass (CVE-2025-59343)\n\nYou can find images updated by this advisory in the Red Hat Container Catalog (see the References section).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:17376",
"url": "https://access.redhat.com/errata/RHSA-2025:17376"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17376.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat 4.0.3: new RHEL 9 container image security update",
"tracking": {
"current_release_date": "2025-10-23T20:37:05+00:00",
"generator": {
"date": "2025-10-23T20:37:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2025:17376",
"initial_release_date": "2025-10-06T13:05:24+00:00",
"revision_history": [
{
"date": "2025-10-06T13:05:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-06T13:05:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-23T20:37:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 4 on RHEL 9",
"product": {
"name": "Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:4::el9"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.5.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"product": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"product_id": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-ose-oauth-proxy-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"product_id": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.0.3-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.5.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"product": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"product_id": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-ose-oauth-proxy-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"product_id": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.0.3-2"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.0.3-2"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64"
},
"product_reference": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64"
},
"product_reference": "cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59343",
"cwe": {
"id": "CWE-61",
"name": "UNIX Symbolic Link (Symlink) Following"
},
"discovery_date": "2025-09-24T18:01:19.612438+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397901"
}
],
"notes": [
{
"category": "description",
"text": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs symlink validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "RHBZ#2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
}
],
"release_date": "2025-09-24T17:43:34.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-06T13:05:24+00:00",
"details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17376"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:9463aed19da3b03a12bed39c6050bec99463e10065ee372b67816213a045c6f4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:f70b1ea3fc288d6054c8fd361e672849b35d8c4ae2ba844d7afe9fa4ae3e4d6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:3f78daa87571d389f545698ccfafd7fb95e8acc88105bc26b89acd1f1d4604ec_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:f21352681262b8d7671383fad5ac0318ceffce84ad863072a4b9dd90a2f152e2_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:7a7bb95ea5e6a42221586653da0bf950f8aca246ac3615d09fd6679d4b13e07b_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:d1336f0e9915a034b3156ab5bb1ee61fd479ceb5a16b9af95ea765998013222c_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:35bde3754ad9ca1e81205f114c82d4a56f285057a61145909177a6cb65d29b9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:50b56388f16ff8d9d54e0cf24e6169e21426725fa4bf7e7846191fb75b746aa1_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:935d3968b95d7712f35efe8a60e45160ef8fdac687632f34edc447f22eb9e764_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:dadf9b28a2d935a73c3daa6c26638ced5c433262a230d3a14ce1b4f2509244bc_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:287d87e4e5a80514270d9d3f3f0911bff5a965019445f2cbc3a354de87ee8fc8_amd64",
"9Base-Cryostat-4:cryostat/cryostat-ose-oauth-proxy-rhel9@sha256:7f1ccbfe7c19ffbc43c864afa0f3265aaca55156b0dc37b35258941c5cefa467_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3855e1063979608e04a443bb23061de41d40384de6a0cf97e773a9437e001e86_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:b31a398c301bf937e3b32779990106e83514d78d880d468f52248c28a0804844_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:f93fb5a329f336d7221e457f33fea590d33b3f3a0d3817572ec6a3df4733492b_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:fe346c81d84d7919f0d15d0b3fc83a81274308b5e922347cb6d3c19e7137fa55_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:a6c3b106d370130408da31aabe9719d7b9576275038b261fef2967b618faf03f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:cf45d23bb2e8064fb1f92335b9854bfc6d05a8ff82f93e19c6377b414c2cfba7_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2b6db9665766c3d8320292ca3ff9840935e92f4d06acc4ec1abfd38d63b83b7d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:5735fe58a6bb76ca20fe83a7429bbe1ab0cc198d2f5248505c36bd13dfed54b9_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:78542cfcb567bc4c3766f7734a49b07485ec0283484878f16b3c3bb3ab0e4bd3_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:ffcd3bb8792afadd97ac09e43c14cf5ee2da2688e0b9aa3e0839a411d87e688a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs symlink validation bypass"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.