rhsa-2025:18219
Vulnerability from csaf_redhat
Published
2025-10-16 08:41
Modified
2025-10-16 08:44
Summary
Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.16.0

Notes

Topic
cert-manager Operator for Red Hat OpenShift 1.16.0
Details
The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster. This advisory ships updated cert-manager and ACME solver container images (listed by digest in the product tree below); the CVEs it covers are enumerated in the References section, and the per-image status for each CVE (fixed vs. known not affected) is given under the corresponding entry in the Vulnerabilities section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "cert-manager Operator for Red Hat OpenShift 1.16.0",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities\nand certificates as first-class resource types in the Kubernetes API. This makes it possible to provide\ncertificates-as-a-service to developers working within your Kubernetes cluster.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:18219",
        "url": "https://access.redhat.com/errata/RHSA-2025:18219"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-12718",
        "url": "https://access.redhat.com/security/cve/CVE-2024-12718"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-4138",
        "url": "https://access.redhat.com/security/cve/CVE-2025-4138"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-4517",
        "url": "https://access.redhat.com/security/cve/CVE-2025-4517"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-49794",
        "url": "https://access.redhat.com/security/cve/CVE-2025-49794"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-49796",
        "url": "https://access.redhat.com/security/cve/CVE-2025-49796"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
        "url": "https://access.redhat.com/security/cve/CVE-2025-5914"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6020"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6965"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-7425",
        "url": "https://access.redhat.com/security/cve/CVE-2025-7425"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
        "url": "https://access.redhat.com/security/cve/CVE-2025-8941"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
        "url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18219.json"
      }
    ],
    "title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.16.0",
    "tracking": {
      "current_release_date": "2025-10-16T08:44:51+00:00",
      "generator": {
        "date": "2025-10-16T08:44:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.9"
        }
      },
      "id": "RHSA-2025:18219",
      "initial_release_date": "2025-10-16T08:41:21+00:00",
      "revision_history": [
        {
          "date": "2025-10-16T08:41:21+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-10-16T08:41:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-10-16T08:44:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "cert-manager operator for Red Hat OpenShift 1.16",
                "product": {
                  "name": "cert-manager operator for Red Hat OpenShift 1.16",
                  "product_id": "cert-manager operator for Red Hat OpenShift 1.16",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cert_manager:1.16::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "cert-manager operator for Red Hat OpenShift"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
                "product": {
                  "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
                  "product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
                "product": {
                  "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
                  "product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
                "product": {
                  "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
                  "product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Aec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
                "product": {
                  "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
                  "product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
                "product": {
                  "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
                  "product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
                "product": {
                  "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
                  "product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
                "product": {
                  "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
                  "product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Adf852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760515757"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
                "product": {
                  "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
                  "product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.16.5-1760509690"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.16",
          "product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le"
        },
        "product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
        "relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x as a component of cert-manager operator for Red Hat OpenShift 1.16",
          "product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x"
        },
        "product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
        "relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
          "product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64"
        },
        "product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
        "relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
          "product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        },
        "product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
        "relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
          "product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64"
        },
        "product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
        "relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.16",
          "product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le"
        },
        "product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
        "relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.16",
          "product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64"
        },
        "product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
        "relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x as a component of cert-manager operator for Red Hat OpenShift 1.16",
          "product_id": "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        },
        "product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x",
        "relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.16"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12718",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-06-03T14:00:57.613538+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370013"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-12718"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370013",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-12718",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/127987",
          "url": "https://github.com/python/cpython/issues/127987"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/135034",
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/135037",
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        }
      ],
      "release_date": "2025-06-03T12:59:10.908000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory"
    },
    {
      "cve": "CVE-2025-4138",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-06-12T09:03:58.434950+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 because they only provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-4138"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4138",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/135034",
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/135037",
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        }
      ],
      "release_date": "2025-06-03T12:59:02.717000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "Red Hat recommends upgrading to a fixed release of Python as soon as one is available. This vulnerability can be mitigated by rejecting links inside tarfiles that use relative references to the parent directory. The upstream advisory provides this example code:\n\n\u0027\u0027\u0027\n# Avoid insecure segments in link names.\nfor member in tar.getmembers():\n    if not member.islnk():\n        continue\n    if os.pardir in os.path.split(member.linkname):\n        raise OSError(\"Tarfile with insecure segment (\u0027..\u0027) in linkname\")\n\n# Now safe to extract members with the data filter.\ntar.extractall(filter=\"data\")\n\u0027\u0027\u0027",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory"
    },
    {
      "cve": "CVE-2025-4517",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-06-03T14:01:12.271192+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370016"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: cpython: Arbitrary writes via tarfile realpath overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this vulnerability was lowered because successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 because they only provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-4517"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370016",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/135034",
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/135037",
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        }
      ],
      "release_date": "2025-06-03T12:58:50.352000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, namely ease of use and deployment, applicability to a widespread installation base, and stability.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python: cpython: Arbitrary writes via tarfile realpath overflow"
    },
    {
      "cve": "CVE-2025-5914",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "discovery_date": "2025-06-06T17:58:25.491000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2370861"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-5914"
        },
        {
          "category": "external",
          "summary": "RHBZ#2370861",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
        },
        {
          "category": "external",
          "summary": "https://github.com/libarchive/libarchive/pull/2598",
          "url": "https://github.com/libarchive/libarchive/pull/2598"
        },
        {
          "category": "external",
          "summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
          "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
        }
      ],
      "release_date": "2025-05-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Olivier BAL-PETRE"
          ],
          "organization": "ANSSI - French Cybersecurity Agency"
        }
      ],
      "cve": "CVE-2025-6020",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-06-12T16:33:01.214000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372512"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "linux-pam: Linux-pam directory Traversal",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in pam_namespace is marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6020"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372512",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
        }
      ],
      "release_date": "2025-06-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "linux-pam: Linux-pam directory Traversal"
    },
    {
      "cve": "CVE-2025-6965",
      "cwe": {
        "id": "CWE-197",
        "name": "Numeric Truncation Error"
      },
      "discovery_date": "2025-07-15T14:02:19.241458+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2380149"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "sqlite: Integer Truncation in SQLite",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6965"
        },
        {
          "category": "external",
          "summary": "RHBZ#2380149",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
        },
        {
          "category": "external",
          "summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
          "url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
        }
      ],
      "release_date": "2025-07-15T13:44:00.784000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "sqlite: Integer Truncation in SQLite"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Sergei Glazunov"
          ],
          "organization": "Google Project Zero"
        }
      ],
      "cve": "CVE-2025-7425",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-07-10T09:37:28.172000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2379274"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libxslt where the attribute type (atype) flags are modified in a way that corrupts internal memory management. When XSLT functions such as key() process result tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the application may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-7425"
        },
        {
          "category": "external",
          "summary": "RHBZ#2379274",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
          "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
        }
      ],
      "release_date": "2025-07-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
    },
    {
      "cve": "CVE-2025-8941",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2025-08-13T12:11:55.270000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2388220"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "linux-pam: Incomplete fix for CVE-2025-6020",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments\u2014an unprotected or misconfigured pam_namespace setup can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-8941"
        },
        {
          "category": "external",
          "summary": "RHBZ#2388220",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
        }
      ],
      "release_date": "2025-08-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "linux-pam: Incomplete fix for CVE-2025-6020"
    },
    {
      "cve": "CVE-2025-49794",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2025-06-11T21:33:43.044000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372373"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath expressions under certain circumstances, when the XML Schematron contains \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document that, when used as input for libxml, results in a crash of the program using libxml or in other undefined behavior.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network, depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined behaviors that could affect data integrity, through the application overwriting sensitive data, have not been ruled out (I:H).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-49794"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372373",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
        }
      ],
      "release_date": "2025-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents until updating to the libxml version containing the fix.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
    },
    {
      "cve": "CVE-2025-49796",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-06-12T00:35:26.470000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2372385"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libxml: Type confusion leads to Denial of service (DoS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined behaviors that could affect data integrity, due to the application overwriting sensitive data, cannot be ruled out (I:H).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
        ],
        "known_not_affected": [
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
          "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-49796"
        },
        {
          "category": "external",
          "summary": "RHBZ#2372385",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
        }
      ],
      "release_date": "2025-06-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-16T08:41:21+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:18219"
        },
        {
          "category": "workaround",
          "details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
          "product_ids": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2b91440f3b71bc63e819a3def29e72b31f49878e03fbea67624de6a06925f340_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:691bfc535cb3d22962b0f6dc6fde226b3e70a5d68283ec1846396e3ee0fc7d07_s390x",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:768bd034b3d9e99e0a6c756fcd7d9ec00759c591569f25cd95cc8cb4eb449184_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:8c7a1ae39e07d9a0d578e1f62df4f05ab54cefe058595077403a9d9bbd0ce8e3_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b_amd64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323_ppc64le",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:df852ad92734bc087e213e6c7075daf6d7010db4ab72919649736804e295a6a2_arm64",
            "cert-manager operator for Red Hat OpenShift 1.16:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:ec9c6b34a40da29f3ee89b361d94879025a998d34309bf3b63c555f3c225eb16_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libxml: Type confusion leads to Denial of service (DoS)"
    }
  ]
}

