Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for Red Hat OpenStack Platform 13 (Queens) by Red Hat

    CVE-2026-34956 (GCVE-0-2026-34956)

    Vulnerability from nvd – Published: 2026-05-05 15:45 – Updated: 2026-05-06 14:17
    VLAI
    Title
    Openvswitch: open vswitch: denial of service via malformed ftp epasv command
    Summary
    A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Date Public
    2026-03-31 00:00
    Credits
    Red Hat would like to thank Seiji Sakurai for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-05T16:36:17.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/31/15"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:17:23.457705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:17:37.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.10",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.11",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.12",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.13",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch-selinux-extra-policy",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.11",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.12",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.11",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.12",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.13",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.15",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.16",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.17",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.1",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch-selinux-extra-policy",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.11",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.12",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.17",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.0",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.1",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.2",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.3",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.4",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.5",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.6",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch-selinux-extra-policy",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.17",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.0",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.1",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-openvswitch-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-openvswitch-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ovn-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-openvswitch",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-neutron-openvswitch-agent",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-openvswitch",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-neutron-openvswitch-agent",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoso-openvswitch",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Seiji Sakurai for reporting this issue."
            }
          ],
          "datePublic": "2026-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-05T15:45:04.638Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-34956"
            },
            {
              "name": "RHBZ#2453459",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453459"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-31T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-31T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openvswitch: open vswitch: denial of service via malformed ftp epasv command",
          "workarounds": [
            {
              "lang": "en",
              "value": "Optionally, avoid using alg=ftp flows. These are not usually configured."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-34956",
        "datePublished": "2026-05-05T15:45:04.638Z",
        "dateReserved": "2026-03-31T17:43:41.756Z",
        "dateUpdated": "2026-05-06T14:17:37.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-4472 (GCVE-0-2021-4472)

    Vulnerability from nvd – Published: 2025-11-26 18:31 – Updated: 2025-12-01 08:05
    VLAI
    Title
    Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature
    Summary
    The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Date Public
    2025-11-26 17:51
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-26T18:56:51.745216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-26T18:57:32.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-12-01T08:05:35.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-evaluator",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-listener",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-notifier",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-barbican-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-barbican-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-barbican-keystone-listener",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-barbican-worker",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-central",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-compute",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-ipmi",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-notification",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-backup",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-scheduler",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-volume",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-collectd",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-dependencies",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ec2-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-glance-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-glance-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-gnocchi-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-gnocchi-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-gnocchi-metricd",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-gnocchi-statsd",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-all",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-api-cfn",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-engine",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-horizon",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-horizon-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-conductor",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-inspector",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-neutron-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-pxe",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-keystone",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-keystone-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-manila-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-manila-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-manila-scheduler",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-manila-share",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-engine",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-event-engine",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-executor",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-dhcp-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-l3-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-metadata-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-metadata-agent-ovn",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-openvswitch-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-server",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-server-opendaylight",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-server-ovn",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-sriov-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-compute",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-compute-ironic",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-conductor",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-consoleauth",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-novncproxy",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-placement-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-scheduler",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-health-manager",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-housekeeping",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-worker",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-panko-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-panko-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-sahara-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-sahara-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-sahara-engine",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-account",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-container",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-object",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-proxy-server",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-tempest",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-zaqar",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "python-mistralclient",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-all",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-api",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-api-cfn",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-base",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-engine",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-api",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-base",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-engine",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-event-engine",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-executor",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-nova-scheduler",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-tripleoclient",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "python-mistralclient",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-tripleoclient",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-all",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-api",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-api-cfn",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-base",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-engine",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-tripleoclient",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-11-26T17:51:33.136Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the \u0027Create Workbook\u0027 feature that may result in disclosure of arbitrary local files content."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-27T15:20:14.875Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2021-4472"
            },
            {
              "url": "https://bugs.launchpad.net/horizon/+bug/1931558"
            },
            {
              "name": "RHBZ#2417321",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417321"
            },
            {
              "url": "https://review.opendev.org/c/openstack/mistral-dashboard/+/800952"
            },
            {
              "url": "https://review.opendev.org/c/openstack/python-mistralclient/+/800950"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-26T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-11-26T17:51:33.136Z",
              "value": "Made public."
            }
          ],
          "title": "Python-mistralclient: mistral-dashboard: local file inclusion through the \u0027create workbook\u0027 feature",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-73: External Control of File Name or Path"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4472",
        "datePublished": "2025-11-26T18:31:10.457Z",
        "dateReserved": "2025-11-26T18:01:35.320Z",
        "dateUpdated": "2025-12-01T08:05:35.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-1932 (GCVE-0-2023-1932)

    Vulnerability from nvd – Published: 2024-11-07 10:00 – Updated: 2024-11-07 14:09
    VLAI
    Title
    Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss
    Summary
    A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-1932 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1809444 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat A-MQ Clients 2     cpe:/a:redhat:a_mq_clients:2
    Create a notification for this product.
    Red Hat Cryostat 2     cpe:/a:redhat:cryostat:2
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
    Create a notification for this product.
    Red Hat Red Hat A-MQ Online     cpe:/a:redhat:amq_online:1
    Create a notification for this product.
    Red Hat Red Hat BPM Suite 6     cpe:/a:redhat:jboss_enterprise_bpms_platform:6
    Create a notification for this product.
    Red Hat Red Hat CodeReady Studio 12     cpe:/a:redhat:jboss_developer_studio:12.
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss BRMS 5     cpe:/a:redhat:jboss_enterprise_brms_platform:5
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Virtualization 6     cpe:/a:redhat:jboss_data_virtualization:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 5     cpe:/a:redhat:jboss_enterprise_application_platform:5
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 6     cpe:/a:redhat:jboss_enterprise_application_platform:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Continuous Delivery     cpe:/a:redhat:jboss_enterprise_application_platform_cd
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse 6     cpe:/a:redhat:jboss_fuse:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse Service Works 6     cpe:/a:redhat:jboss_fuse_service_works:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Operations Network 3     cpe:/a:redhat:jboss_operations_network:3
    Create a notification for this product.
    Red Hat Red Hat JBoss SOA Platform 5     cpe:/a:redhat:jboss_enterprise_soa_platform:5
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 10 (Newton)     cpe:/a:redhat:openstack:10
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 13 (Queens)     cpe:/a:redhat:openstack:13
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat support for Spring Boot     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Red Hat streams for Apache Kafka     cpe:/a:redhat:amq_streams:1
    Create a notification for this product.
    Date Public
    2024-02-07 00:00
    Credits
    Red Hat would like to thank Christian Kistner (SySS GmbH) and Moritz Bechler (SySS GmbH) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1932",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T14:09:13.280925Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T14:09:26.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:a_mq_clients:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.apache.logging.log4j-log4j",
              "product": "A-MQ Clients 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cryostat:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-validator",
              "product": "Cryostat 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-validator",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_online:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.enmasse-enmasse",
              "product": "Red Hat A-MQ Online",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat BPM Suite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_developer_studio:12."
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-validator",
              "product": "Red Hat CodeReady Studio 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-validator",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat Decision Manager 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:5"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss BRMS 5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_virtualization:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Data Virtualization 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:5"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_cd"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform Continuous Delivery",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Fuse 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse_service_works:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Fuse Service Works 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_operations_network:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Operations Network 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_soa_platform:5"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss SOA Platform 5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "opendaylight",
              "product": "Red Hat OpenStack Platform 10 (Newton)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "opendaylight",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-validator",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat support for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_streams:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-validator",
              "product": "streams for Apache Kafka",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Christian Kistner (SySS GmbH) and Moritz Bechler (SySS GmbH) for reporting this issue."
            }
          ],
          "datePublic": "2024-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in hibernate-validator\u0027s \u0027isValid\u0027 method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-07T10:00:51.745Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1932"
            },
            {
              "name": "RHBZ#1809444",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809444"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2020-02-27T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-02-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1932",
        "datePublished": "2024-11-07T10:00:51.745Z",
        "dateReserved": "2023-04-06T20:10:01.569Z",
        "dateUpdated": "2024-11-07T14:09:26.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7319 (GCVE-0-2024-7319)

    Vulnerability from nvd – Published: 2024-08-02 20:36 – Updated: 2025-11-20 20:56
    VLAI
    Title
    Openstack-heat: incomplete fix for cve-2023-1625
    Summary
    An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2024-7319 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2258810 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2024-07-31 04:06
    Credits
    Red Hat would like to thank lujie for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T20:33:25.460176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:49.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openstack/heat",
              "defaultStatus": "unaffected",
              "packageName": "openstack-heat",
              "versions": [
                {
                  "lessThanOrEqual": "22.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank lujie for reporting this issue."
            }
          ],
          "datePublic": "2024-07-31T04:06:26.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T20:56:47.430Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7319"
            },
            {
              "name": "RHBZ#2258810",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258810"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-17T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-07-31T04:06:26.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openstack-heat: incomplete fix for cve-2023-1625",
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7319",
        "datePublished": "2024-08-02T20:36:24.314Z",
        "dateReserved": "2024-07-31T04:01:49.906Z",
        "dateUpdated": "2025-11-20T20:56:47.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3153 (GCVE-0-2023-3153)

    Vulnerability from nvd – Published: 2023-10-04 11:13 – Updated: 2024-09-19 14:25
    VLAI
    Title
    Service monitor mac flow is not rate limited
    Summary
    A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    n/a ovn Unaffected: 22.12.1
    Unaffected: 22.03.3
    Unaffected: 23.06.1
    Unaffected: 23.03.1
    Unaffected: 22.09.2
    Red Hat Fast Datapath for RHEL 7     cpe:/o:redhat:enterprise_linux:7::fastdatapath
    Create a notification for this product.
    Red Hat Fast Datapath for RHEL 8     cpe:/o:redhat:enterprise_linux:8::fastdatapath
    Create a notification for this product.
    Red Hat Fast Datapath for RHEL 9     cpe:/o:redhat:enterprise_linux:9::fastdatapath
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 13 (Queens)     cpe:/a:redhat:openstack:13
    Create a notification for this product.
    Fedora Fedora Create a notification for this product.
    Date Public
    2023-06-07 00:00
    Credits
    This issue was discovered by Ales Musil (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3153"
              },
              {
                "name": "RHBZ#2213279",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ovn-org/ovn/issues/198"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3153",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T14:24:33.931307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T14:25:08.613Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ovn",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "22.12.1"
                },
                {
                  "status": "unaffected",
                  "version": "22.03.3"
                },
                {
                  "status": "unaffected",
                  "version": "23.06.1"
                },
                {
                  "status": "unaffected",
                  "version": "23.03.1"
                },
                {
                  "status": "unaffected",
                  "version": "22.09.2"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.11",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.12",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.13",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn-2021",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.11",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.12",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.13",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.03",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.06",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.09",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.12",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn-2021",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.03",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.06",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.09",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.12",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn-2021",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn21.09",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn21.12",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.03",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.06",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.09",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.12",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn23.03",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "ovn2.11",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "affected",
              "packageName": "ovn",
              "product": "Fedora",
              "vendor": "Fedora"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Ales Musil (Red Hat)."
            }
          ],
          "datePublic": "2023-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T11:13:40.083Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3153"
            },
            {
              "name": "RHBZ#2213279",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"
            },
            {
              "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"
            },
            {
              "url": "https://github.com/ovn-org/ovn/issues/198"
            },
            {
              "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"
            },
            {
              "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-07T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-06-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Service monitor mac flow is not rate limited",
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3153",
        "datePublished": "2023-10-04T11:13:40.083Z",
        "dateReserved": "2023-06-07T18:04:42.140Z",
        "dateUpdated": "2024-09-19T14:25:08.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1636 (GCVE-0-2023-1636)

    Vulnerability from nvd – Published: 2023-09-24 00:09 – Updated: 2024-09-24 15:00
    VLAI
    Title
    Incomplete container isolation
    Summary
    A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-653 - Improper Isolation or Compartmentalization
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-1636 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2181765 issue-trackingx_refsource_REDHAT
    Date Public
    2023-04-21 00:00
    Credits
    Red Hat would like to thank ANSSI and Amossys for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:24.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-1636"
              },
              {
                "name": "RHBZ#2181765",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T14:59:54.638602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:00:07.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "openstack-barbican",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "OpenStack RDO",
              "vendor": "RDO"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank ANSSI and Amossys for reporting this issue."
            }
          ],
          "datePublic": "2023-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-653",
                  "description": "Improper Isolation or Compartmentalization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-24T00:09:03.770Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1636"
            },
            {
              "name": "RHBZ#2181765",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-25T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-04-21T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Incomplete container isolation",
          "x_redhatCweChain": "CWE-653: Improper Isolation or Compartmentalization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1636",
        "datePublished": "2023-09-24T00:09:03.770Z",
        "dateReserved": "2023-03-25T18:18:19.615Z",
        "dateUpdated": "2024-09-24T15:00:07.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1633 (GCVE-0-2023-1633)

    Vulnerability from nvd – Published: 2023-09-24 00:09 – Updated: 2024-09-24 15:00
    VLAI
    Title
    Insecure barbican configuration file leaking credential
    Summary
    A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-1633 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2181761 issue-trackingx_refsource_REDHAT
    Date Public
    2023-04-21 00:00
    Credits
    This issue was discovered by Ade Lee (Red Hat) and Grzegorz Grasza (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:24.844Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-1633"
              },
              {
                "name": "RHBZ#2181761",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T15:00:26.781162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:00:33.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "openstack-barbican",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "OpenStack RDO",
              "vendor": "RDO"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Ade Lee (Red Hat) and Grzegorz Grasza (Red Hat)."
            }
          ],
          "datePublic": "2023-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-24T00:09:50.215Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1633"
            },
            {
              "name": "RHBZ#2181761",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-25T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-04-21T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Insecure barbican configuration file leaking credential",
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1633",
        "datePublished": "2023-09-24T00:09:50.215Z",
        "dateReserved": "2023-03-25T17:59:57.293Z",
        "dateUpdated": "2024-09-24T15:00:33.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1625 (GCVE-0-2023-1625)

    Vulnerability from nvd – Published: 2023-09-24 00:08 – Updated: 2024-09-24 14:59
    VLAI
    Title
    Information leak in api
    Summary
    An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-202 - Exposure of Sensitive Information Through Data Queries
    Assigner
    Date Public
    2023-01-27 00:00
    Credits
    Red Hat would like to thank Chengen Du (Canonical) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:24.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-1625"
              },
              {
                "name": "RHBZ#2181621",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/1999665"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1625",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T14:59:09.559299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T14:59:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "openstack-heat",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "OpenStack RDO",
              "vendor": "RDO"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Chengen Du (Canonical) for reporting this issue."
            }
          ],
          "datePublic": "2023-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the \u0027stack show\u0027 command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-202",
                  "description": "Exposure of Sensitive Information Through Data Queries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-24T00:08:12.738Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1625"
            },
            {
              "name": "RHBZ#2181621",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621"
            },
            {
              "url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb"
            },
            {
              "url": "https://launchpad.net/bugs/1999665"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-24T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-01-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Information leak in api",
          "x_redhatCweChain": "CWE-202: Exposure of Sensitive Information Through Data Queries"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1625",
        "datePublished": "2023-09-24T00:08:12.738Z",
        "dateReserved": "2023-03-24T19:25:35.529Z",
        "dateUpdated": "2024-09-24T14:59:25.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1108 (GCVE-0-2023-1108)

    Vulnerability from nvd – Published: 2023-09-14 14:48 – Updated: 2024-08-02 05:32
    VLAI
    Title
    Undertow: infinite loop in sslconduit during close
    Summary
    A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unaffected: 2.3.5
    Unaffected: 2.2.24
    Red Hat EAP 7.4.10 release     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat Fuse 7.12     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1.0     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.2.22-1.SP3_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:7.4.9-6.GA_redhat_00004.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.2.23-1.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.0.14-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.2.22-1.SP3_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:7.4.9-6.GA_redhat_00004.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.2.23-1.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.0.14-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.2.22-1.SP3_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:7.4.9-6.GA_redhat_00004.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.2.23-1.SP2_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.0.14-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6.4
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.8-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.8-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.8-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat Red Hat support for Spring Boot 2.7.13     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-24 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHPAM 7.13.1 async     cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat Integration Camel Quarkus     cpe:/a:redhat:camel_quarkus:2
    Create a notification for this product.
    Red Hat Red Hat Integration Service Registry     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse 6     cpe:/a:redhat:jboss_fuse:6
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 13 (Queens)     cpe:/a:redhat:openstack:13
    Create a notification for this product.
    Date Public
    2023-03-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T18:37:50.625681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:38:02.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:1184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1184"
              },
              {
                "name": "RHSA-2023:1185",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1185"
              },
              {
                "name": "RHSA-2023:1512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1512"
              },
              {
                "name": "RHSA-2023:1513",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1513"
              },
              {
                "name": "RHSA-2023:1514",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1514"
              },
              {
                "name": "RHSA-2023:1516",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1516"
              },
              {
                "name": "RHSA-2023:2135",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:2135"
              },
              {
                "name": "RHSA-2023:3883",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3883"
              },
              {
                "name": "RHSA-2023:3884",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3884"
              },
              {
                "name": "RHSA-2023:3885",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3885"
              },
              {
                "name": "RHSA-2023:3888",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3888"
              },
              {
                "name": "RHSA-2023:3892",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3892"
              },
              {
                "name": "RHSA-2023:3954",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3954"
              },
              {
                "name": "RHSA-2023:4612",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4612"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-1108"
              },
              {
                "name": "RHBZ#2174246",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231020-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/undertow-io/undertow",
              "packageName": "io.undertow:undertow-core",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "2.3.5"
                },
                {
                  "status": "unaffected",
                  "version": "2.2.24"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "product": "EAP 7.4.10 release",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7.12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.22-1.SP3_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.9-6.GA_redhat_00004.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.23-1.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.14-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.22-1.SP3_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.9-6.GA_redhat_00004.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.23-1.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.14-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.22-1.SP3_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.9-6.GA_redhat_00004.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.23-1.SP2_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.14-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6.4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.8-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.8-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.8-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat support for Spring Boot 2.7.13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "RHPAM 7.13.1 async",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Service Registry",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Fuse 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T15:32:32.904Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:1184",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1184"
            },
            {
              "name": "RHSA-2023:1185",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1185"
            },
            {
              "name": "RHSA-2023:1512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1512"
            },
            {
              "name": "RHSA-2023:1513",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1513"
            },
            {
              "name": "RHSA-2023:1514",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1514"
            },
            {
              "name": "RHSA-2023:1516",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1516"
            },
            {
              "name": "RHSA-2023:2135",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:2135"
            },
            {
              "name": "RHSA-2023:3883",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3883"
            },
            {
              "name": "RHSA-2023:3884",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3884"
            },
            {
              "name": "RHSA-2023:3885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3885"
            },
            {
              "name": "RHSA-2023:3888",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3888"
            },
            {
              "name": "RHSA-2023:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3892"
            },
            {
              "name": "RHSA-2023:3954",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3954"
            },
            {
              "name": "RHSA-2023:4612",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4612"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1108"
            },
            {
              "name": "RHBZ#2174246",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
            },
            {
              "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231020-0002/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-02-07T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-03-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: infinite loop in sslconduit during close",
          "x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1108",
        "datePublished": "2023-09-14T14:48:58.869Z",
        "dateReserved": "2023-03-01T00:27:23.587Z",
        "dateUpdated": "2024-08-02T05:32:46.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3301 (GCVE-0-2023-3301)

    Vulnerability from nvd – Published: 2023-09-13 16:09 – Updated: 2025-02-13 16:55
    VLAI
    Title
    Triggerable assertion due to race condition in hot-unplug
    Summary
    A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2023-06-19 00:00
    Credits
    This issue was discovered by Eugenio Perez Martin (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3301"
              },
              {
                "name": "RHBZ#2215784",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T17:39:47.385450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T17:39:58.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "qemu",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "8.1.0-rc0"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "qemu-kvm-ma",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "virt:rhel/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_virtualization:8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "virt:av/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "qemu-kvm-rhev",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "product": "Extra Packages for Enterprise Linux",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "affected",
              "packageName": "qemu",
              "product": "Fedora",
              "vendor": "Fedora"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Eugenio Perez Martin (Red Hat)."
            }
          ],
          "datePublic": "2023-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T14:06:34.548Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3301"
            },
            {
              "name": "RHBZ#2215784",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-14T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-06-19T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Triggerable assertion due to race condition in hot-unplug",
          "x_redhatCweChain": "CWE-362-\u003eCWE-617: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Reachable Assertion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3301",
        "datePublished": "2023-09-13T16:09:36.861Z",
        "dateReserved": "2023-06-17T16:48:21.977Z",
        "dateUpdated": "2025-02-13T16:55:04.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2680 (GCVE-0-2023-2680)

    Vulnerability from nvd – Published: 2023-09-13 16:50 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Dma reentrancy issue (incomplete fix for cve-2021-3750)
    Summary
    This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.
    CWE
    Assigner
    Date Public
    2023-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-2680"
              },
              {
                "name": "RHBZ#2203387",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "qemu",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm-ma",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "virt:rhel/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_virtualization:8::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "virt:av/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm-rhev",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "product": "Extra Packages for Enterprise Linux",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2023-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-16T15:07:43.093Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-2680"
            },
            {
              "name": "RHBZ#2203387",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Dma reentrancy issue (incomplete fix for cve-2021-3750)",
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-2680",
        "datePublished": "2023-09-13T16:50:53.532Z",
        "dateReserved": "2023-05-12T09:57:43.190Z",
        "dateUpdated": "2025-02-13T16:44:57.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3354 (GCVE-0-2023-3354)

    Vulnerability from nvd – Published: 2023-07-11 16:16 – Updated: 2025-02-13 16:55
    VLAI
    Title
    Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
    Summary
    A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Date Public
    2023-06-28 00:00
    Credits
    Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:00.939Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3354"
              },
              {
                "name": "RHBZ#2216478",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "qemu",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm-ma",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "virt:rhel/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_virtualization:8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "virt:av/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm-rhev",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "affected",
              "packageName": "qemu",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "product": "Extra Packages for Enterprise Linux",
              "vendor": "Fedora"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue."
            }
          ],
          "datePublic": "2023-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-11T18:05:59.059Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3354"
            },
            {
              "name": "RHBZ#2216478",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-21T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-06-28T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service",
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3354",
        "datePublished": "2023-07-11T16:16:56.294Z",
        "dateReserved": "2023-06-21T12:33:29.897Z",
        "dateUpdated": "2025-02-13T16:55:08.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-0270 (GCVE-0-2013-0270)

    Vulnerability from nvd – Published: 2013-04-12 22:00 – Updated: 2026-04-07 06:55
    VLAI
    Title
    Keystone: openstack keystone: denial of service via large http request with long tenant name
    Summary
    A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    Date Public
    2013-04-12 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:18:09.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/keystone/grizzly/2013.1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/keystone/+bug/1099025"
              },
              {
                "name": "RHSA-2013:0708",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2013-04-12T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T06:55:17.958Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2013-0270"
            },
            {
              "url": "https://bugs.launchpad.net/keystone/+bug/1099025"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"
            },
            {
              "url": "https://launchpad.net/keystone/grizzly/2013.1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-02T15:03:35.327Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2013-04-12T22:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keystone: openstack keystone: denial of service via large http request with long tenant name",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1284: Improper Validation of Specified Quantity in Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-0270",
        "datePublished": "2013-04-12T22:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2026-04-07T06:55:17.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2012-5571 (GCVE-0-2012-5571)

    Vulnerability from nvd – Published: 2012-12-18 01:00 – Updated: 2026-04-07 06:55
    VLAI
    Title
    Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling
    Summary
    A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Date Public
    2012-12-18 01:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:15.748Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
              },
              {
                "name": "RHSA-2012:1557",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
              },
              {
                "name": "RHSA-2012:1556",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
              },
              {
                "name": "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
              },
              {
                "name": "USN-1641-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1641-1"
              },
              {
                "name": "keystone-tenant-sec-bypass(80333)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/keystone/+bug/1064914"
              },
              {
                "name": "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
              },
              {
                "name": "51423",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51423"
              },
              {
                "name": "56726",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56726"
              },
              {
                "name": "51436",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51436"
              },
              {
                "name": "FEDORA-2012-19341",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2012-12-18T01:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user\u0027s role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T06:55:17.789Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
            },
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
            },
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
            },
            {
              "url": "http://secunia.com/advisories/51423"
            },
            {
              "url": "http://secunia.com/advisories/51436"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
            },
            {
              "url": "http://www.securityfocus.com/bid/56726"
            },
            {
              "url": "http://www.ubuntu.com/usn/USN-1641-1"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2012-5571"
            },
            {
              "url": "https://bugs.launchpad.net/keystone/+bug/1064914"
            },
            {
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-02T15:02:50.229Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2012-12-18T01:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5571",
        "datePublished": "2012-12-18T01:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2026-04-07T06:55:17.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-34956 (GCVE-0-2026-34956)

    Vulnerability from cvelistv5 – Published: 2026-05-05 15:45 – Updated: 2026-05-06 14:17
    VLAI
    Title
    Openvswitch: open vswitch: denial of service via malformed ftp epasv command
    Summary
    A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Date Public
    2026-03-31 00:00
    Credits
    Red Hat would like to thank Seiji Sakurai for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-05T16:36:17.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/03/31/15"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-34956",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-06T14:17:23.457705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-06T14:17:37.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.10",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.11",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.12",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.13",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch-selinux-extra-policy",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.11",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.12",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.11",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.12",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.13",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.15",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.16",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.17",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.1",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch-selinux-extra-policy",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.11",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.12",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.17",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.0",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.1",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.2",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.3",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.4",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.5",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.6",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch-selinux-extra-policy",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch2.17",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.0",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "openvswitch3.1",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "rhcos",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-openvswitch-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-openvswitch-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ovn-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-openvswitch",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-neutron-openvswitch-agent",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-openvswitch",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-neutron-openvswitch-agent",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "rhoso-openvswitch",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Seiji Sakurai for reporting this issue."
            }
          ],
          "datePublic": "2026-03-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-05T15:45:04.638Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-34956"
            },
            {
              "name": "RHBZ#2453459",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453459"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-31T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-03-31T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openvswitch: open vswitch: denial of service via malformed ftp epasv command",
          "workarounds": [
            {
              "lang": "en",
              "value": "Optionally, avoid using alg=ftp flows. These are not usually configured."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-34956",
        "datePublished": "2026-05-05T15:45:04.638Z",
        "dateReserved": "2026-03-31T17:43:41.756Z",
        "dateUpdated": "2026-05-06T14:17:37.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-4472 (GCVE-0-2021-4472)

    Vulnerability from cvelistv5 – Published: 2025-11-26 18:31 – Updated: 2025-12-01 08:05
    VLAI
    Title
    Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature
    Summary
    The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Date Public
    2025-11-26 17:51
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4472",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-26T18:56:51.745216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-26T18:57:32.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-12-01T08:05:35.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-evaluator",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-listener",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-aodh-notifier",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-barbican-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-barbican-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-barbican-keystone-listener",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-barbican-worker",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-central",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-compute",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-ipmi",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ceilometer-notification",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-backup",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-scheduler",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-cinder-volume",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-collectd",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-dependencies",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ec2-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-glance-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-glance-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-gnocchi-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-gnocchi-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-gnocchi-metricd",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-gnocchi-statsd",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-all",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-api-cfn",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-heat-engine",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-horizon",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-horizon-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-conductor",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-inspector",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-neutron-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-ironic-pxe",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-keystone",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-keystone-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-manila-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-manila-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-manila-scheduler",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-manila-share",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-engine",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-event-engine",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-mistral-executor",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-dhcp-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-l3-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-metadata-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-metadata-agent-ovn",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-openvswitch-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-server",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-server-opendaylight",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-server-ovn",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-neutron-sriov-agent",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-compute",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-compute-ironic",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-conductor",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-consoleauth",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-novncproxy",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-placement-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-nova-scheduler",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-health-manager",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-housekeeping",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-octavia-worker",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-panko-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-panko-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-sahara-api",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-sahara-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-sahara-engine",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-account",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-base",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-container",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-object",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-swift-proxy-server",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-tempest",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp13/openstack-zaqar",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "python-mistralclient",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-all",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-api",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-api-cfn",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-base",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-heat-engine",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-api",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-base",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-engine",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-event-engine",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-mistral-executor",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-nova-scheduler",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-tripleoclient",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "python-mistralclient",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel8/openstack-tripleoclient",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-all",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-api",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-api-cfn",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-base",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-heat-engine",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "rhosp-rhel9/openstack-tripleoclient",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-11-26T17:51:33.136Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the \u0027Create Workbook\u0027 feature that may result in disclosure of arbitrary local files content."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-27T15:20:14.875Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2021-4472"
            },
            {
              "url": "https://bugs.launchpad.net/horizon/+bug/1931558"
            },
            {
              "name": "RHBZ#2417321",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417321"
            },
            {
              "url": "https://review.opendev.org/c/openstack/mistral-dashboard/+/800952"
            },
            {
              "url": "https://review.opendev.org/c/openstack/python-mistralclient/+/800950"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-11-26T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-11-26T17:51:33.136Z",
              "value": "Made public."
            }
          ],
          "title": "Python-mistralclient: mistral-dashboard: local file inclusion through the \u0027create workbook\u0027 feature",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-73: External Control of File Name or Path"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2021-4472",
        "datePublished": "2025-11-26T18:31:10.457Z",
        "dateReserved": "2025-11-26T18:01:35.320Z",
        "dateUpdated": "2025-12-01T08:05:35.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-1932 (GCVE-0-2023-1932)

    Vulnerability from cvelistv5 – Published: 2024-11-07 10:00 – Updated: 2024-11-07 14:09
    VLAI
    Title
    Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss
    Summary
    A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-1932 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1809444 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat A-MQ Clients 2     cpe:/a:redhat:a_mq_clients:2
    Create a notification for this product.
    Red Hat Cryostat 2     cpe:/a:redhat:cryostat:2
    Create a notification for this product.
    Red Hat Red Hat AMQ Broker 7     cpe:/a:redhat:amq_broker:7
    Create a notification for this product.
    Red Hat Red Hat A-MQ Online     cpe:/a:redhat:amq_online:1
    Create a notification for this product.
    Red Hat Red Hat BPM Suite 6     cpe:/a:redhat:jboss_enterprise_bpms_platform:6
    Create a notification for this product.
    Red Hat Red Hat CodeReady Studio 12     cpe:/a:redhat:jboss_developer_studio:12.
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Decision Manager 7     cpe:/a:redhat:jboss_enterprise_brms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Fuse 7     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss BRMS 5     cpe:/a:redhat:jboss_enterprise_brms_platform:5
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Virtualization 6     cpe:/a:redhat:jboss_data_virtualization:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 5     cpe:/a:redhat:jboss_enterprise_application_platform:5
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 6     cpe:/a:redhat:jboss_enterprise_application_platform:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7     cpe:/a:redhat:jboss_enterprise_application_platform:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Continuous Delivery     cpe:/a:redhat:jboss_enterprise_application_platform_cd
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse 6     cpe:/a:redhat:jboss_fuse:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse Service Works 6     cpe:/a:redhat:jboss_fuse_service_works:6
    Create a notification for this product.
    Red Hat Red Hat JBoss Operations Network 3     cpe:/a:redhat:jboss_operations_network:3
    Create a notification for this product.
    Red Hat Red Hat JBoss SOA Platform 5     cpe:/a:redhat:jboss_enterprise_soa_platform:5
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 10 (Newton)     cpe:/a:redhat:openstack:10
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 13 (Queens)     cpe:/a:redhat:openstack:13
    Create a notification for this product.
    Red Hat Red Hat Process Automation 7     cpe:/a:redhat:jboss_enterprise_bpms_platform:7
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7
    Create a notification for this product.
    Red Hat Red Hat support for Spring Boot     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Red Hat streams for Apache Kafka     cpe:/a:redhat:amq_streams:1
    Create a notification for this product.
    Date Public
    2024-02-07 00:00
    Credits
    Red Hat would like to thank Christian Kistner (SySS GmbH) and Moritz Bechler (SySS GmbH) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1932",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T14:09:13.280925Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T14:09:26.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:a_mq_clients:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "org.apache.logging.log4j-log4j",
              "product": "A-MQ Clients 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:cryostat:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-validator",
              "product": "Cryostat 2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_broker:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-validator",
              "product": "Red Hat AMQ Broker 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_online:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.enmasse-enmasse",
              "product": "Red Hat A-MQ Online",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat BPM Suite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_developer_studio:12."
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-validator",
              "product": "Red Hat CodeReady Studio 12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-validator",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat Decision Manager 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat Fuse 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_brms_platform:5"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss BRMS 5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_virtualization:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Data Virtualization 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:5"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform_cd"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Enterprise Application Platform Continuous Delivery",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Fuse 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse_service_works:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Fuse Service Works 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_operations_network:3"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss Operations Network 3",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_soa_platform:5"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat JBoss SOA Platform 5",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "opendaylight",
              "product": "Red Hat OpenStack Platform 10 (Newton)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "opendaylight",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat Process Automation 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:satellite:6"
              ],
              "defaultStatus": "affected",
              "packageName": "candlepin",
              "product": "Red Hat Satellite 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7"
              ],
              "defaultStatus": "affected",
              "packageName": "hibernate-validator",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unknown",
              "packageName": "hibernate-validator",
              "product": "Red Hat support for Spring Boot",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:amq_streams:1"
              ],
              "defaultStatus": "unaffected",
              "packageName": "hibernate-validator",
              "product": "streams for Apache Kafka",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Christian Kistner (SySS GmbH) and Moritz Bechler (SySS GmbH) for reporting this issue."
            }
          ],
          "datePublic": "2024-02-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in hibernate-validator\u0027s \u0027isValid\u0027 method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-07T10:00:51.745Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1932"
            },
            {
              "name": "RHBZ#1809444",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809444"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2020-02-27T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-02-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1932",
        "datePublished": "2024-11-07T10:00:51.745Z",
        "dateReserved": "2023-04-06T20:10:01.569Z",
        "dateUpdated": "2024-11-07T14:09:26.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7319 (GCVE-0-2024-7319)

    Vulnerability from cvelistv5 – Published: 2024-08-02 20:36 – Updated: 2025-11-20 20:56
    VLAI
    Title
    Openstack-heat: incomplete fix for cve-2023-1625
    Summary
    An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2024-7319 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2258810 issue-trackingx_refsource_REDHAT
    Impacted products
    Date Public
    2024-07-31 04:06
    Credits
    Red Hat would like to thank lujie for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T20:33:25.460176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:49.446Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openstack/heat",
              "defaultStatus": "unaffected",
              "packageName": "openstack-heat",
              "versions": [
                {
                  "lessThanOrEqual": "22.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank lujie for reporting this issue."
            }
          ],
          "datePublic": "2024-07-31T04:06:26.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-20T20:56:47.430Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-7319"
            },
            {
              "name": "RHBZ#2258810",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258810"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-17T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-07-31T04:06:26.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openstack-heat: incomplete fix for cve-2023-1625",
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-7319",
        "datePublished": "2024-08-02T20:36:24.314Z",
        "dateReserved": "2024-07-31T04:01:49.906Z",
        "dateUpdated": "2025-11-20T20:56:47.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-3153 (GCVE-0-2023-3153)

    Vulnerability from cvelistv5 – Published: 2023-10-04 11:13 – Updated: 2024-09-19 14:25
    VLAI
    Title
    Service monitor mac flow is not rate limited
    Summary
    A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    n/a ovn Unaffected: 22.12.1
    Unaffected: 22.03.3
    Unaffected: 23.06.1
    Unaffected: 23.03.1
    Unaffected: 22.09.2
    Red Hat Fast Datapath for RHEL 7     cpe:/o:redhat:enterprise_linux:7::fastdatapath
    Create a notification for this product.
    Red Hat Fast Datapath for RHEL 8     cpe:/o:redhat:enterprise_linux:8::fastdatapath
    Create a notification for this product.
    Red Hat Fast Datapath for RHEL 9     cpe:/o:redhat:enterprise_linux:9::fastdatapath
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 13 (Queens)     cpe:/a:redhat:openstack:13
    Create a notification for this product.
    Fedora Fedora Create a notification for this product.
    Date Public
    2023-06-07 00:00
    Credits
    This issue was discovered by Ales Musil (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3153"
              },
              {
                "name": "RHBZ#2213279",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ovn-org/ovn/issues/198"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3153",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T14:24:33.931307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T14:25:08.613Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ovn",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "22.12.1"
                },
                {
                  "status": "unaffected",
                  "version": "22.03.3"
                },
                {
                  "status": "unaffected",
                  "version": "23.06.1"
                },
                {
                  "status": "unaffected",
                  "version": "23.03.1"
                },
                {
                  "status": "unaffected",
                  "version": "22.09.2"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.11",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.12",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.13",
              "product": "Fast Datapath for RHEL 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn-2021",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.11",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.12",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn2.13",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.03",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.06",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.09",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.12",
              "product": "Fast Datapath for RHEL 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn-2021",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.03",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.06",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.09",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.12",
              "product": "Fast Datapath for RHEL 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn-2021",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn21.09",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn21.12",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.03",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.06",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.09",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn22.12",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift:4"
              ],
              "defaultStatus": "affected",
              "packageName": "ovn23.03",
              "product": "Red Hat OpenShift Container Platform 4",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "ovn2.11",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "affected",
              "packageName": "ovn",
              "product": "Fedora",
              "vendor": "Fedora"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Ales Musil (Red Hat)."
            }
          ],
          "datePublic": "2023-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T11:13:40.083Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3153"
            },
            {
              "name": "RHBZ#2213279",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"
            },
            {
              "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"
            },
            {
              "url": "https://github.com/ovn-org/ovn/issues/198"
            },
            {
              "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"
            },
            {
              "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-07T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-06-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Service monitor mac flow is not rate limited",
          "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3153",
        "datePublished": "2023-10-04T11:13:40.083Z",
        "dateReserved": "2023-06-07T18:04:42.140Z",
        "dateUpdated": "2024-09-19T14:25:08.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1633 (GCVE-0-2023-1633)

    Vulnerability from cvelistv5 – Published: 2023-09-24 00:09 – Updated: 2024-09-24 15:00
    VLAI
    Title
    Insecure barbican configuration file leaking credential
    Summary
    A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-1633 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2181761 issue-trackingx_refsource_REDHAT
    Date Public
    2023-04-21 00:00
    Credits
    This issue was discovered by Ade Lee (Red Hat) and Grzegorz Grasza (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:24.844Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-1633"
              },
              {
                "name": "RHBZ#2181761",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T15:00:26.781162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:00:33.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "openstack-barbican",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "OpenStack RDO",
              "vendor": "RDO"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Ade Lee (Red Hat) and Grzegorz Grasza (Red Hat)."
            }
          ],
          "datePublic": "2023-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-24T00:09:50.215Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1633"
            },
            {
              "name": "RHBZ#2181761",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-25T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-04-21T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Insecure barbican configuration file leaking credential",
          "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1633",
        "datePublished": "2023-09-24T00:09:50.215Z",
        "dateReserved": "2023-03-25T17:59:57.293Z",
        "dateUpdated": "2024-09-24T15:00:33.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1636 (GCVE-0-2023-1636)

    Vulnerability from cvelistv5 – Published: 2023-09-24 00:09 – Updated: 2024-09-24 15:00
    VLAI
    Title
    Incomplete container isolation
    Summary
    A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-653 - Improper Isolation or Compartmentalization
    Assigner
    References
    URL Tags
    https://access.redhat.com/security/cve/CVE-2023-1636 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2181765 issue-trackingx_refsource_REDHAT
    Date Public
    2023-04-21 00:00
    Credits
    Red Hat would like to thank ANSSI and Amossys for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:24.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-1636"
              },
              {
                "name": "RHBZ#2181765",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T14:59:54.638602Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T15:00:07.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "openstack-barbican",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unaffected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
              "defaultStatus": "affected",
              "packageName": "openstack-barbican",
              "product": "OpenStack RDO",
              "vendor": "RDO"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank ANSSI and Amossys for reporting this issue."
            }
          ],
          "datePublic": "2023-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-653",
                  "description": "Improper Isolation or Compartmentalization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-24T00:09:03.770Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1636"
            },
            {
              "name": "RHBZ#2181765",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181765"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-25T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-04-21T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Incomplete container isolation",
          "x_redhatCweChain": "CWE-653: Improper Isolation or Compartmentalization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1636",
        "datePublished": "2023-09-24T00:09:03.770Z",
        "dateReserved": "2023-03-25T18:18:19.615Z",
        "dateUpdated": "2024-09-24T15:00:07.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1625 (GCVE-0-2023-1625)

    Vulnerability from cvelistv5 – Published: 2023-09-24 00:08 – Updated: 2024-09-24 14:59
    VLAI
    Title
    Information leak in api
    Summary
    An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-202 - Exposure of Sensitive Information Through Data Queries
    Assigner
    Date Public
    2023-01-27 00:00
    Credits
    Red Hat would like to thank Chengen Du (Canonical) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:24.554Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-1625"
              },
              {
                "name": "RHBZ#2181621",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/1999665"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1625",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-24T14:59:09.559299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-24T14:59:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "openstack-heat",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 16.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "Red Hat OpenStack Platform 17.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
              "defaultStatus": "affected",
              "packageName": "openstack-heat",
              "product": "OpenStack RDO",
              "vendor": "RDO"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Chengen Du (Canonical) for reporting this issue."
            }
          ],
          "datePublic": "2023-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the \u0027stack show\u0027 command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-202",
                  "description": "Exposure of Sensitive Information Through Data Queries",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-24T00:08:12.738Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1625"
            },
            {
              "name": "RHBZ#2181621",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621"
            },
            {
              "url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb"
            },
            {
              "url": "https://launchpad.net/bugs/1999665"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-24T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-01-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Information leak in api",
          "x_redhatCweChain": "CWE-202: Exposure of Sensitive Information Through Data Queries"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1625",
        "datePublished": "2023-09-24T00:08:12.738Z",
        "dateReserved": "2023-03-24T19:25:35.529Z",
        "dateUpdated": "2024-09-24T14:59:25.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1108 (GCVE-0-2023-1108)

    Vulnerability from cvelistv5 – Published: 2023-09-14 14:48 – Updated: 2024-08-02 05:32
    VLAI
    Title
    Undertow: infinite loop in sslconduit during close
    Summary
    A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unaffected: 2.3.5
    Unaffected: 2.2.24
    Red Hat EAP 7.4.10 release     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat Fuse 7.12     cpe:/a:redhat:jboss_fuse:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.1.0     cpe:/a:redhat:jboss_enterprise_application_platform:7.4
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.2.22-1.SP3_redhat_00002.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:7.4.9-6.GA_redhat_00004.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.2.23-1.SP2_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Unaffected: 0:2.0.14-1.Final_redhat_00001.1.el8eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.2.22-1.SP3_redhat_00002.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:7.4.9-6.GA_redhat_00004.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.2.23-1.SP2_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Unaffected: 0:2.0.14-1.Final_redhat_00001.1.el9eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.2.22-1.SP3_redhat_00002.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:7.4.9-6.GA_redhat_00004.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.2.23-1.SP2_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Unaffected: 0:2.0.14-1.Final_redhat_00001.1.el7eap , < * (rpm)
        cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7     cpe:/a:redhat:red_hat_single_sign_on:7.6.4
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 7 Unaffected: 0:18.0.8-1.redhat_00001.1.el7sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 8 Unaffected: 0:18.0.8-1.redhat_00001.1.el8sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
    Create a notification for this product.
    Red Hat Red Hat Single Sign-On 7.6 for RHEL 9 Unaffected: 0:18.0.8-1.redhat_00001.1.el9sso , < * (rpm)
        cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
    Create a notification for this product.
    Red Hat Red Hat support for Spring Boot 2.7.13     cpe:/a:redhat:openshift_application_runtimes:1.0
    Create a notification for this product.
    Red Hat RHEL-8 based Middleware Containers Unaffected: 7.6-24 , < * (rpm)
        cpe:/a:redhat:rhosemc:1.0::el8
    Create a notification for this product.
    Red Hat RHPAM 7.13.1 async     cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
    Create a notification for this product.
    Red Hat Red Hat build of Quarkus     cpe:/a:redhat:quarkus:2
    Create a notification for this product.
    Red Hat Red Hat Data Grid 8     cpe:/a:redhat:jboss_data_grid:8
    Create a notification for this product.
    Red Hat Red Hat Integration Camel K     cpe:/a:redhat:integration:1
    Create a notification for this product.
    Red Hat Red Hat Integration Camel Quarkus     cpe:/a:redhat:camel_quarkus:2
    Create a notification for this product.
    Red Hat Red Hat Integration Service Registry     cpe:/a:redhat:service_registry:2
    Create a notification for this product.
    Red Hat Red Hat JBoss Data Grid 7     cpe:/a:redhat:jboss_data_grid:7
    Create a notification for this product.
    Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
    Create a notification for this product.
    Red Hat Red Hat JBoss Fuse 6     cpe:/a:redhat:jboss_fuse:6
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 13 (Queens)     cpe:/a:redhat:openstack:13
    Create a notification for this product.
    Date Public
    2023-03-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1108",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T18:37:50.625681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T18:38:02.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:46.370Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2023:1184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1184"
              },
              {
                "name": "RHSA-2023:1185",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1185"
              },
              {
                "name": "RHSA-2023:1512",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1512"
              },
              {
                "name": "RHSA-2023:1513",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1513"
              },
              {
                "name": "RHSA-2023:1514",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1514"
              },
              {
                "name": "RHSA-2023:1516",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:1516"
              },
              {
                "name": "RHSA-2023:2135",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:2135"
              },
              {
                "name": "RHSA-2023:3883",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3883"
              },
              {
                "name": "RHSA-2023:3884",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3884"
              },
              {
                "name": "RHSA-2023:3885",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3885"
              },
              {
                "name": "RHSA-2023:3888",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3888"
              },
              {
                "name": "RHSA-2023:3892",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3892"
              },
              {
                "name": "RHSA-2023:3954",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:3954"
              },
              {
                "name": "RHSA-2023:4612",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2023:4612"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-1108"
              },
              {
                "name": "RHBZ#2174246",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231020-0002/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/undertow-io/undertow",
              "packageName": "io.undertow:undertow-core",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "2.3.5"
                },
                {
                  "status": "unaffected",
                  "version": "2.2.24"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "product": "EAP 7.4.10 release",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Fuse 7.12",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.1.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.22-1.SP3_redhat_00002.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.9-6.GA_redhat_00004.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.23-1.SP2_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.14-1.Final_redhat_00001.1.el8eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.22-1.SP3_redhat_00002.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.9-6.GA_redhat_00004.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.23-1.SP2_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.14-1.Final_redhat_00001.1.el9eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.22-1.SP3_redhat_00002.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-wildfly",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:7.4.9-6.GA_redhat_00004.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.2.23-1.SP2_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "eap7-undertow-jastow",
              "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:2.0.14-1.Final_redhat_00001.1.el7eap",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6.4"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Single Sign-On 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.8-1.redhat_00001.1.el7sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.8-1.redhat_00001.1.el8sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso7-keycloak",
              "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:18.0.8-1.redhat_00001.1.el9sso",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openshift_application_runtimes:1.0"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat support for Spring Boot 2.7.13",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhosemc:1.0::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "rh-sso-7/sso76-openshift-rhel8",
              "product": "RHEL-8 based Middleware Containers",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.6-24",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "RHPAM 7.13.1 async",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:quarkus:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "io.quarkus/quarkus-undertow",
              "product": "Red Hat build of Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Data Grid 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:integration:1"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel K",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:camel_quarkus:2"
              ],
              "defaultStatus": "unaffected",
              "packageName": "undertow",
              "product": "Red Hat Integration Camel Quarkus",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:service_registry:2"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat Integration Service Registry",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_data_grid:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Data Grid 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jbosseapxp"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
              "cpes": [
                "cpe:/a:redhat:jboss_fuse:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "undertow",
              "product": "Red Hat JBoss Fuse 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "undertow",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2023-03-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T15:32:32.904Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2023:1184",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1184"
            },
            {
              "name": "RHSA-2023:1185",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1185"
            },
            {
              "name": "RHSA-2023:1512",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1512"
            },
            {
              "name": "RHSA-2023:1513",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1513"
            },
            {
              "name": "RHSA-2023:1514",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1514"
            },
            {
              "name": "RHSA-2023:1516",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:1516"
            },
            {
              "name": "RHSA-2023:2135",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:2135"
            },
            {
              "name": "RHSA-2023:3883",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3883"
            },
            {
              "name": "RHSA-2023:3884",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3884"
            },
            {
              "name": "RHSA-2023:3885",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3885"
            },
            {
              "name": "RHSA-2023:3888",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3888"
            },
            {
              "name": "RHSA-2023:3892",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3892"
            },
            {
              "name": "RHSA-2023:3954",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:3954"
            },
            {
              "name": "RHSA-2023:4612",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2023:4612"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-1108"
            },
            {
              "name": "RHBZ#2174246",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246"
            },
            {
              "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231020-0002/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-02-07T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-03-07T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Undertow: infinite loop in sslconduit during close",
          "x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-1108",
        "datePublished": "2023-09-14T14:48:58.869Z",
        "dateReserved": "2023-03-01T00:27:23.587Z",
        "dateUpdated": "2024-08-02T05:32:46.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2680 (GCVE-0-2023-2680)

    Vulnerability from cvelistv5 – Published: 2023-09-13 16:50 – Updated: 2025-02-13 16:44
    VLAI
    Title
    Dma reentrancy issue (incomplete fix for cve-2021-3750)
    Summary
    This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.
    CWE
    Assigner
    Date Public
    2023-05-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.478Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-2680"
              },
              {
                "name": "RHBZ#2203387",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "qemu",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm-ma",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "virt:rhel/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_virtualization:8::el8"
              ],
              "defaultStatus": "unaffected",
              "packageName": "virt:av/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm-rhev",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "product": "Extra Packages for Enterprise Linux",
              "vendor": "Fedora"
            }
          ],
          "datePublic": "2023-05-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-16T15:07:43.093Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-2680"
            },
            {
              "name": "RHBZ#2203387",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-05-10T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-05-12T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Dma reentrancy issue (incomplete fix for cve-2021-3750)",
          "x_redhatCweChain": "CWE-416: Use After Free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-2680",
        "datePublished": "2023-09-13T16:50:53.532Z",
        "dateReserved": "2023-05-12T09:57:43.190Z",
        "dateUpdated": "2025-02-13T16:44:57.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3301 (GCVE-0-2023-3301)

    Vulnerability from cvelistv5 – Published: 2023-09-13 16:09 – Updated: 2025-02-13 16:55
    VLAI
    Title
    Triggerable assertion due to race condition in hot-unplug
    Summary
    A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2023-06-19 00:00
    Credits
    This issue was discovered by Eugenio Perez Martin (Red Hat).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:08.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3301"
              },
              {
                "name": "RHBZ#2215784",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3301",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-25T17:39:47.385450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-25T17:39:58.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "qemu",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "8.1.0-rc0"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "qemu-kvm-ma",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "virt:rhel/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_virtualization:8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "virt:av/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "unknown",
              "packageName": "qemu-kvm-rhev",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "product": "Extra Packages for Enterprise Linux",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "affected",
              "packageName": "qemu",
              "product": "Fedora",
              "vendor": "Fedora"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Eugenio Perez Martin (Red Hat)."
            }
          ],
          "datePublic": "2023-06-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-20T14:06:34.548Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3301"
            },
            {
              "name": "RHBZ#2215784",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-03-14T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-06-19T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Triggerable assertion due to race condition in hot-unplug",
          "x_redhatCweChain": "CWE-362-\u003eCWE-617: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Reachable Assertion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3301",
        "datePublished": "2023-09-13T16:09:36.861Z",
        "dateReserved": "2023-06-17T16:48:21.977Z",
        "dateUpdated": "2025-02-13T16:55:04.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3354 (GCVE-0-2023-3354)

    Vulnerability from cvelistv5 – Published: 2023-07-11 16:16 – Updated: 2025-02-13 16:55
    VLAI
    Title
    Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
    Summary
    A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Date Public
    2023-06-28 00:00
    Credits
    Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:00.939Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-3354"
              },
              {
                "name": "RHBZ#2216478",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "qemu",
              "vendor": "n/a"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unaffected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm-ma",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "virt:rhel/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:advanced_virtualization:8::el8"
              ],
              "defaultStatus": "affected",
              "packageName": "virt:av/qemu-kvm",
              "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:9"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "qemu-kvm-rhev",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "affected",
              "packageName": "qemu",
              "product": "Fedora",
              "vendor": "Fedora"
            },
            {
              "collectionURL": "https://packages.fedoraproject.org/",
              "defaultStatus": "unaffected",
              "packageName": "qemu",
              "product": "Extra Packages for Enterprise Linux",
              "vendor": "Fedora"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue."
            }
          ],
          "datePublic": "2023-06-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-11T18:05:59.059Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-3354"
            },
            {
              "name": "RHBZ#2216478",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-21T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2023-06-28T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service",
          "x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-3354",
        "datePublished": "2023-07-11T16:16:56.294Z",
        "dateReserved": "2023-06-21T12:33:29.897Z",
        "dateUpdated": "2025-02-13T16:55:08.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-0270 (GCVE-0-2013-0270)

    Vulnerability from cvelistv5 – Published: 2013-04-12 22:00 – Updated: 2026-04-07 06:55
    VLAI
    Title
    Keystone: openstack keystone: denial of service via large http request with long tenant name
    Summary
    A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
    CWE
    • CWE-1284 - Improper Validation of Specified Quantity in Input
    Assigner
    Date Public
    2013-04-12 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:18:09.668Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/keystone/grizzly/2013.1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/keystone/+bug/1099025"
              },
              {
                "name": "RHSA-2013:0708",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2013-04-12T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1284",
                  "description": "Improper Validation of Specified Quantity in Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T06:55:17.958Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2013-0270"
            },
            {
              "url": "https://bugs.launchpad.net/keystone/+bug/1099025"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"
            },
            {
              "url": "https://launchpad.net/keystone/grizzly/2013.1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-02T15:03:35.327Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2013-04-12T22:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Keystone: openstack keystone: denial of service via large http request with long tenant name",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1284: Improper Validation of Specified Quantity in Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-0270",
        "datePublished": "2013-04-12T22:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2026-04-07T06:55:17.958Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2012-5571 (GCVE-0-2012-5571)

    Vulnerability from cvelistv5 – Published: 2012-12-18 01:00 – Updated: 2026-04-07 06:55
    VLAI
    Title
    Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling
    Summary
    A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Date Public
    2012-12-18 01:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:15.748Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
              },
              {
                "name": "RHSA-2012:1557",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
              },
              {
                "name": "RHSA-2012:1556",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
              },
              {
                "name": "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
              },
              {
                "name": "USN-1641-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1641-1"
              },
              {
                "name": "keystone-tenant-sec-bypass(80333)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/keystone/+bug/1064914"
              },
              {
                "name": "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
              },
              {
                "name": "51423",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51423"
              },
              {
                "name": "56726",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56726"
              },
              {
                "name": "51436",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/51436"
              },
              {
                "name": "FEDORA-2012-19341",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:13"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 13 (Queens)",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:16.2"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 16.2",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:17.1"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 17.1",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:openstack:18.0"
              ],
              "defaultStatus": "affected",
              "packageName": "redhat-user-workloads/openstack-keystone",
              "product": "Red Hat OpenStack Platform 18.0",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2012-12-18T01:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user\u0027s role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T06:55:17.789Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
            },
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
            },
            {
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
            },
            {
              "url": "http://secunia.com/advisories/51423"
            },
            {
              "url": "http://secunia.com/advisories/51436"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
            },
            {
              "url": "http://www.securityfocus.com/bid/56726"
            },
            {
              "url": "http://www.ubuntu.com/usn/USN-1641-1"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2012-5571"
            },
            {
              "url": "https://bugs.launchpad.net/keystone/+bug/1064914"
            },
            {
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
            },
            {
              "url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-02T15:02:50.229Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2012-12-18T01:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5571",
        "datePublished": "2012-12-18T01:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2026-04-07T06:55:17.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }