RHSA-2026:2454
Vulnerability from csaf_redhat - Published: 2026-02-10 15:32 - Updated: 2026-02-11 21:20Summary
Red Hat Security Advisory: DevWorkspace Operator 0.39.0 release.
Notes
Topic
DevWorkspace Operator 0.39.0 has been released.
Details
The DevWorkspace Operator extends OpenShift to provide DevWorkspace support.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "DevWorkspace Operator 0.39.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The DevWorkspace Operator extends OpenShift to provide DevWorkspace support.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2454",
"url": "https://access.redhat.com/errata/RHSA-2026:2454"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/CRW-9839",
"url": "https://issues.redhat.com/browse/CRW-9839"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2454.json"
}
],
"title": "Red Hat Security Advisory: DevWorkspace Operator 0.39.0 release.",
"tracking": {
"current_release_date": "2026-02-11T21:20:19+00:00",
"generator": {
"date": "2026-02-11T21:20:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2454",
"initial_release_date": "2026-02-10T15:32:22+00:00",
"revision_history": [
{
"date": "2026-02-10T15:32:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-10T15:32:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T21:20:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "DevWorkspace Operator 0.39",
"product": {
"name": "DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:devworkspace:0.39::el9"
}
}
}
],
"category": "product_family",
"name": "DevWorkspace Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769461843"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-operator-bundle@sha256%3A25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769466773"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3Acce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769463878"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3Aa6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769461957"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3Adfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769461843"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3Aecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769463878"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3Ad18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769461957"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769461843"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769463878"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769461957"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3Adf3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769461843"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769463878"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3Acf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1769461957"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64 as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64 as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64 as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64 as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64 as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64 as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64 as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x as a component of DevWorkspace Operator 0.39",
"product_id": "DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.39"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x"
],
"known_not_affected": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T15:32:22+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2454"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x"
],
"known_not_affected": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T15:32:22+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2454"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:25b53c2a153cb957c82e414338da944d4f6e94853333f791367e5bf071717c6b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:219c9ff47cda184a937eeb0f95794cce1085698544e01e0b9a2d04eabf746b47_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:26c9d3860b3272f6077de4b7359409291d65be9bed46434c1686817dab4eafb7_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:cce5e5415ada0778b61fb74ffb518c5e1cffa68c13d2d7e636770725634d0551_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ecdf98e0dae1223ca09599bb73a78e846c60d27bb17dae0daab936057836bb97_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:a6e26ccec55c225a45a5f1640671c1d86d26c2d9527000e662941b488b42536b_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:cf8d932b11342e58a20b1b26f2e668fedbe987ef482e73fefa7d0ae160a70330_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:d18263cba6fc9a51955d6cb704444473955caeeb180d9ff60c8267ad00539e0d_s390x",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c_amd64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:775be225ba4a9ffdd926f27ea9e4e87afdb399768bae202ff60a483b5795c0f5_ppc64le",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:df3c4e2595a292825a9bd6137344293b67d249c710984691c3366a72a56011db_arm64",
"DevWorkspace Operator 0.39:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:dfe6c6208eaea491b40336ab3c327daa8ce0c3a24b8a9426683ca69432dcbd5a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…