rhsa-2025:22014
Vulnerability from csaf_redhat
Published
2025-11-25 05:10
Modified
2025-11-29 06:53
Summary
Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.15.2
Notes
Topic
cert-manager Operator for Red Hat OpenShift 1.15.2
Details
The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities
and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide
certificates-as-a-service to developers working within your Kubernetes cluster.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.15.2",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities\nand certificates as first-class resource types in the Kubernetes API. This makes it possible to provide\ncertificates-as-a-service to developers working within your Kubernetes cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22014",
"url": "https://access.redhat.com/errata/RHSA-2025:22014"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-27144",
"url": "https://access.redhat.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
"url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22014.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.15.2",
"tracking": {
"current_release_date": "2025-11-29T06:53:25+00:00",
"generator": {
"date": "2025-11-29T06:53:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22014",
"initial_release_date": "2025-11-25T05:10:51+00:00",
"revision_history": [
{
"date": "2025-11-25T05:10:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-25T08:28:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-29T06:53:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cert-manager operator for Red Hat OpenShift 1.15",
"product": {
"name": "cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.15::el9"
}
}
}
],
"category": "product_family",
"name": "cert-manager operator for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Ac09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3Ae716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Aeb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3Ad51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Adebdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x as a component of cert-manager operator for Red Hat OpenShift 1.15",
"product_id": "cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27144",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-24T23:00:42.448432+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2347423"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-770: Allocation of Resources Without Limits or Throttling vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings required for operations, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect excessive resource usage caused by malicious activity or system misconfigurations. In the event of exploitation, process isolation ensures workloads operate in separate environments, preventing any single process from overconsuming CPU or memory and degrading system performance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "RHBZ#2347423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22",
"url": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5",
"url": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"
}
],
"release_date": "2025-02-24T22:22:22.863000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-25T05:10:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used\nwhen installing the cert-manager Operator for Red Hat OpenShift.\n\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a\nnew version of the Operator. No further action is required to upgrade. This is the default setting.\n\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\n\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional\ninformation.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22014"
},
{
"category": "workaround",
"details": "As a workaround, applications can pre-validate that payloads being passed to Go JOSE do not contain an excessive number of `.` characters.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:2c54470f4b9e71f11a22259db0026626459cfd75fa1f6ad96af8bd3064bf4e1e_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6e5e4831bc7c1de6b238a5a72820180265ea5f4d4589cbad0244d211078d75be_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:d51c7a02f1f322a651fb258e02e3b4cb99b704f5eb7efce4b691f2ae75a20bc6_s390x",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:e716a4a86a9a8d3065c8de19be72dd2cf63e171a404231052287022f535ef91e_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2ed56c5467b3eed15cf5f940a552d23e8cfee653df64708077d8edbe17f7baaf_arm64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:c09abae05168529eca3e247c604760e6912b53ece38c4266978a43405363a97c_amd64",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:debdf90d1e44dbd41b8df3f1bd45369ff83376d0221d80c2f236b1b1e498a5ef_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.15:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:eb81f9a7303eca0ba0d5fccb2682165c4427fccc3ecc7fbdd2056930d39423ca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…