Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-29409 (GCVE-0-2023-29409)
Vulnerability from cvelistv5 – Published: 2023-08-02 19:47 – Updated: 2025-02-13 16:49
VLAI
EPSS
Title
Large RSA keys can cause high CPU usage in crypto/tls
Summary
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/tls |
Affected:
0 , < 1.19.12
(semver)
Affected: 1.20.0-0 , < 1.20.7 (semver) Affected: 1.21.0-0 , < 1.21.0-rc.4 (semver) |
Credits
Mateusz Poliwczak
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/61460"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/515257"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T14:15:51.334084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T14:16:01.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/tls",
"product": "crypto/tls",
"programRoutines": [
{
"name": "Conn.verifyServerCertificate"
},
{
"name": "Conn.processCertsFromClient"
},
{
"name": "Conn.Handshake"
},
{
"name": "Conn.HandshakeContext"
},
{
"name": "Conn.Read"
},
{
"name": "Conn.Write"
},
{
"name": "Dial"
},
{
"name": "DialWithDialer"
},
{
"name": "Dialer.Dial"
},
{
"name": "Dialer.DialContext"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.19.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.20.7",
"status": "affected",
"version": "1.20.0-0",
"versionType": "semver"
},
{
"lessThan": "1.21.0-rc.4",
"status": "affected",
"version": "1.21.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mateusz Poliwczak"
}
],
"descriptions": [
{
"lang": "en",
"value": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-25T11:09:25.696Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/61460"
},
{
"url": "https://go.dev/cl/515257"
},
{
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
}
],
"title": "Large RSA keys can cause high CPU usage in crypto/tls"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-29409",
"datePublished": "2023-08-02T19:47:23.829Z",
"dateReserved": "2023-04-05T19:36:35.043Z",
"dateUpdated": "2025-02-13T16:49:16.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-29409",
"date": "2026-05-27",
"epss": "0.00115",
"percentile": "0.29653"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-29409\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-08-02T20:15:11.940\",\"lastModified\":\"2024-11-21T07:57:00.287\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.19.12\",\"matchCriteriaId\":\"6A0D798F-972E-4789-9E60-F04864ACC5A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.7\",\"matchCriteriaId\":\"98D9EFA9-C8A8-4C27-A1F2-DE9798D725FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.21.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"64DE500E-0A99-4890-9D6E-0FBA9E9C3E0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.21.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA9BD1EF-0172-4779-80DC-E316F5361D27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.21.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"80DFE31C-60CD-46E2-B86A-2C8E9057AFEA\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/515257\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/61460\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-1987\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230831-0010/\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/cl/515257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/61460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-1987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230831-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://go.dev/issue/61460\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://go.dev/cl/515257\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-1987\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230831-0010/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:07:46.160Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-29409\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-22T14:15:51.334084Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-22T14:15:57.131Z\"}}], \"cna\": {\"title\": \"Large RSA keys can cause high CPU usage in crypto/tls\", \"credits\": [{\"lang\": \"en\", \"value\": \"Mateusz Poliwczak\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.19.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.20.0-0\", \"lessThan\": \"1.20.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.21.0-0\", \"lessThan\": \"1.21.0-rc.4\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/tls\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Conn.verifyServerCertificate\"}, {\"name\": \"Conn.processCertsFromClient\"}, {\"name\": \"Conn.Handshake\"}, {\"name\": \"Conn.HandshakeContext\"}, {\"name\": \"Conn.Read\"}, {\"name\": \"Conn.Write\"}, {\"name\": \"Dial\"}, {\"name\": \"DialWithDialer\"}, {\"name\": \"Dialer.Dial\"}, {\"name\": \"Dialer.DialContext\"}]}], \"references\": [{\"url\": \"https://go.dev/issue/61460\"}, {\"url\": \"https://go.dev/cl/515257\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-1987\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230831-0010/\"}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2023-08-02T19:47:23.829Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-29409\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-22T14:16:01.839Z\", \"dateReserved\": \"2023-04-05T19:36:35.043Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2023-08-02T19:47:23.829Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2023:5965
Vulnerability from csaf_redhat - Published: 2023-10-20 14:54 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) security update
Severity
Important
Notes
Topic: An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.2.5 (Train).
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: A highly-available key value store for shared configuration
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
6.5 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Threats
Impact
Moderate
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.2.5 (Train).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5965",
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5965.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) security update",
"tracking": {
"current_release_date": "2026-05-28T02:51:19+00:00",
"generator": {
"date": "2026-05-28T02:51:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5965",
"initial_release_date": "2023-10-20T14:54:26+00:00",
"revision_history": [
{
"date": "2023-10-20T14:54:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:54:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.src",
"product_id": "etcd-0:3.3.23-15.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product": {
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product_id": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest@1.4.1-2.20230111145026.f7718ef.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product": {
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product_id": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest@1.4.1-2.20230111145026.f7718ef.el8ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src"
},
"product_reference": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch"
},
"product_reference": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5969
Vulnerability from csaf_redhat - Published: 2023-10-20 14:51 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 security update
Severity
Important
Notes
Topic: An update for collectd-libpod-stats, etcd, and python-octavia-tests-tempest is now available for Red Hat OpenStack Platform 17.1.1.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The etcd packages provide a highly available key-value store for shared configuration.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src | — | ||
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64 | — | ||
| Unresolved product id: 9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64 | — | ||
| Unresolved product id: 9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64 | — | ||
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src | — | ||
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | ||
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch | — | ||
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64 | — | ||
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats, etcd, and python-octavia-tests-tempest is now available for Red Hat OpenStack Platform 17.1.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The etcd packages provide a highly available key-value store for shared configuration.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5969",
"url": "https://access.redhat.com/errata/RHSA-2023:5969"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5969.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 security update",
"tracking": {
"current_release_date": "2026-05-28T02:51:20+00:00",
"generator": {
"date": "2026-05-28T02:51:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5969",
"initial_release_date": "2023-10-20T14:51:03+00:00",
"revision_history": [
{
"date": "2023-10-20T14:51:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:51:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 17.1",
"product": {
"name": "Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:17.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.4.26-3.el9ost.src",
"product": {
"name": "etcd-0:3.4.26-3.el9ost.src",
"product_id": "etcd-0:3.4.26-3.el9ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.4.26-3.el9ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"product": {
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"product_id": "collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.5-6.el9ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"product": {
"name": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"product_id": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest@1.9.0-1.20230509101018.el9ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.4.26-3.el9ost.x86_64",
"product": {
"name": "etcd-0:3.4.26-3.el9ost.x86_64",
"product_id": "etcd-0:3.4.26-3.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.4.26-3.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"product_id": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.4.26-3.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"product_id": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.4.26-3.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"product": {
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"product_id": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.5-6.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.9.0-1.20230509101018.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.9.0-1.20230509101018.el9ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.9.0-1.20230509101018.el9ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"product": {
"name": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"product_id": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest@1.9.0-1.20230509101018.el9ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.src as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src"
},
"product_reference": "collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64"
},
"product_reference": "collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.4.26-3.el9ost.src as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src"
},
"product_reference": "etcd-0:3.4.26-3.el9ost.src",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.4.26-3.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64"
},
"product_reference": "etcd-0:3.4.26-3.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src"
},
"product_reference": "python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch"
},
"product_reference": "python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64",
"relates_to_product_reference": "9Base-RHOS-17.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64"
],
"known_not_affected": [
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5969"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64"
],
"known_not_affected": [
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5969"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5969"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.src",
"9Base-RHOS-17.1:collectd-libpod-stats-0:1.0.5-6.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.src",
"9Base-RHOS-17.1:etcd-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debuginfo-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:etcd-debugsource-0:3.4.26-3.el9ost.x86_64",
"9Base-RHOS-17.1:python-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.src",
"9Base-RHOS-17.1:python-octavia-tests-tempest-debugsource-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-0:1.9.0-1.20230509101018.el9ost.noarch",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-0:1.9.0-1.20230509101018.el9ost.x86_64",
"9Base-RHOS-17.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.9.0-1.20230509101018.el9ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5971
Vulnerability from csaf_redhat - Published: 2023-10-20 14:56 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (director-operator) security update
Severity
Important
Notes
Topic: An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17.1.1.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17.1.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5971",
"url": "https://access.redhat.com/errata/RHSA-2023:5971"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5971.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (director-operator) security update",
"tracking": {
"current_release_date": "2026-05-28T02:51:20+00:00",
"generator": {
"date": "2026-05-28T02:51:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5971",
"initial_release_date": "2023-10-20T14:56:06+00:00",
"revision_history": [
{
"date": "2023-10-20T14:56:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:56:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 17.1",
"product": {
"name": "Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:17.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"product": {
"name": "rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"product_id": "rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9/osp-director-agent\u0026tag=1.3.1-11"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"product": {
"name": "rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"product_id": "rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9/osp-director-downloader\u0026tag=1.3.1-9"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"product": {
"name": "rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"product_id": "rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle\u0026tag=1.3.1-18"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64",
"product": {
"name": "rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64",
"product_id": "rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9/osp-director-operator\u0026tag=1.3.1-11"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64"
},
"product_reference": "rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64"
},
"product_reference": "rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64"
},
"product_reference": "rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"relates_to_product_reference": "9Base-RHOS-17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
},
"product_reference": "rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64",
"relates_to_product_reference": "9Base-RHOS-17.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:56:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5971"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:56:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5971"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:56:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5971"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:10b51664c656a13faaeb88dbdf8a212006ebcf144b473c3df4366b26716595ca_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:8f2ce2bf02b1b9c4459abdf4074245715aa38445dccdb103c9d7666bb2986046_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:ab0228b2f438f9d6684b6ab270988b46c7e66588abf2c323605f0759e52fd27b_amd64",
"9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:234d616518185e0cedbc3ba80bcb92f81cfdfa20854387aefa472a87c978bde3_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5974
Vulnerability from csaf_redhat - Published: 2023-10-20 16:49 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: Network Observability security update
Severity
Important
Notes
Topic: An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 | — |
Threats
Impact
Moderate
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
70 references
Acknowledgments
GMO Cybersecurity by Ierae, Inc.
Takeshi Kaneko
Martin Seemann
Marten Seemann
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5974",
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "NETOBSERV-1344",
"url": "https://issues.redhat.com/browse/NETOBSERV-1344"
},
{
"category": "external",
"summary": "NETOBSERV-926",
"url": "https://issues.redhat.com/browse/NETOBSERV-926"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5974.json"
}
],
"title": "Red Hat Security Advisory: Network Observability security update",
"tracking": {
"current_release_date": "2026-05-28T02:51:20+00:00",
"generator": {
"date": "2026-05-28T02:51:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5974",
"initial_release_date": "2023-10-20T16:49:58+00:00",
"revision_history": [
{
"date": "2023-10-20T16:49:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T16:49:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NETOBSERV 1.4 for RHEL 9",
"product": {
"name": "NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-70"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-51"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"product_id": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-70"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-51"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"product_id": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-70"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-51"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-51"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-70"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-51"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T16:49:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T16:49:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T16:49:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T16:49:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T16:49:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T16:49:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T16:49:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T16:49:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5976
Vulnerability from csaf_redhat - Published: 2023-10-20 17:18 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: Service Telemetry Framework 1.5.2 security update
Severity
Important
Notes
Topic: An update is now available for Service Telemetry Framework 1.5.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)
* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
5.3 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
6.5 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
62 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Service Telemetry Framework 1.5.2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)\n\n* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5976",
"url": "https://access.redhat.com/errata/RHSA-2023:5976"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2184483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5976.json"
}
],
"title": "Red Hat Security Advisory: Service Telemetry Framework 1.5.2 security update",
"tracking": {
"current_release_date": "2026-05-28T02:51:20+00:00",
"generator": {
"date": "2026-05-28T02:51:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5976",
"initial_release_date": "2023-10-20T17:18:33+00:00",
"revision_history": [
{
"date": "2023-10-20T17:18:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T17:18:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Service Telemetry Framework 1.5 for RHEL 8",
"product": {
"name": "Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:stf:1.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"product": {
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"product_id": "stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b?arch=amd64\u0026repository_url=registry.redhat.io/stf/prometheus-webhook-snmp-rhel8\u0026tag=1.5.2-8"
}
}
},
{
"category": "product_version",
"name": "stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"product": {
"name": "stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"product_id": "stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"product_identification_helper": {
"purl": "pkg:oci/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40?arch=amd64\u0026repository_url=registry.redhat.io/stf/service-telemetry-operator-bundle\u0026tag=1.5.1697612918-1"
}
}
},
{
"category": "product_version",
"name": "stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"product": {
"name": "stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"product_id": "stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"product_identification_helper": {
"purl": "pkg:oci/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07?arch=amd64\u0026repository_url=registry.redhat.io/stf/service-telemetry-rhel8-operator\u0026tag=1.5.1-8"
}
}
},
{
"category": "product_version",
"name": "stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"product": {
"name": "stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"product_id": "stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830?arch=amd64\u0026repository_url=registry.redhat.io/stf/sg-bridge-rhel8\u0026tag=1.5.0-18"
}
}
},
{
"category": "product_version",
"name": "stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"product": {
"name": "stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"product_id": "stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e?arch=amd64\u0026repository_url=registry.redhat.io/stf/sg-core-rhel8\u0026tag=5.1.1-8"
}
}
},
{
"category": "product_version",
"name": "stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"product": {
"name": "stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"product_id": "stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"product_identification_helper": {
"purl": "pkg:oci/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767?arch=amd64\u0026repository_url=registry.redhat.io/stf/smart-gateway-operator-bundle\u0026tag=5.0.1697612918-1"
}
}
},
{
"category": "product_version",
"name": "stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64",
"product": {
"name": "stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64",
"product_id": "stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec?arch=amd64\u0026repository_url=registry.redhat.io/stf/smart-gateway-rhel8-operator\u0026tag=5.0.1-9"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64"
},
"product_reference": "stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64"
},
"product_reference": "stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64"
},
"product_reference": "stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64"
},
"product_reference": "stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64"
},
"product_reference": "stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64"
},
"product_reference": "stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64 as a component of Service Telemetry Framework 1.5 for RHEL 8",
"product_id": "8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
},
"product_reference": "stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64",
"relates_to_product_reference": "8Base-STF-1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T17:18:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5976"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2023-24532",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2023-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2223355"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24532"
},
{
"category": "external",
"summary": "RHBZ#2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532"
},
{
"category": "external",
"summary": "https://go.dev/cl/471255",
"url": "https://go.dev/cl/471255"
},
{
"category": "external",
"summary": "https://go.dev/issue/58647",
"url": "https://go.dev/issue/58647"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY",
"url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1621",
"url": "https://pkg.go.dev/vuln/GO-2023-1621"
}
],
"release_date": "2023-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T17:18:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5976"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results"
},
{
"cve": "CVE-2023-24534",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184483"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, net/textproto: denial of service from excessive memory allocation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24534"
},
{
"category": "external",
"summary": "RHBZ#2184483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534"
},
{
"category": "external",
"summary": "https://go.dev/issue/58975",
"url": "https://go.dev/issue/58975"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T17:18:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5976"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, net/textproto: denial of service from excessive memory allocation"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T17:18:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5976"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T17:18:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5976"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T17:18:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5976"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T17:18:33+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5976"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-STF-1.5:stf/prometheus-webhook-snmp-rhel8@sha256:e261f596dc4f13cf45981d4415cb17d0314c66ad105b5aa31898f7364185233b_amd64",
"8Base-STF-1.5:stf/service-telemetry-operator-bundle@sha256:583b8fc7bd18b79b146274c0b6ca0e8ebc14e7dfb389bd2a01fcf18744ab7d40_amd64",
"8Base-STF-1.5:stf/service-telemetry-rhel8-operator@sha256:627b664de828007e469d329253e50ff91cea19ead36353d11d313b6692913d07_amd64",
"8Base-STF-1.5:stf/sg-bridge-rhel8@sha256:1725eae2e4232e99412c73e6e4b6eabab8f8ce7f13e2106701974c5cfeeb5830_amd64",
"8Base-STF-1.5:stf/sg-core-rhel8@sha256:d870784a543045e6b14519df1658864fa0ea22885465bd6630232aeaa1f9ee7e_amd64",
"8Base-STF-1.5:stf/smart-gateway-operator-bundle@sha256:f8bb700696897363678fcd0ce466fd9e9ffcddad263476a42673d516724b9767_amd64",
"8Base-STF-1.5:stf/smart-gateway-rhel8-operator@sha256:9c3256a9e48b535413e4a4633d1404adbea0239c644569032cd63f991c5051ec_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6031
Vulnerability from csaf_redhat - Published: 2023-10-23 14:24 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: Cryostat security update
Severity
Important
Notes
Topic: An update is now available for Cryostat 2 on RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: An update is now available for Cryostat 2 on RHEL 8.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang.org/x/net/html: Cross site scripting (CVE-2023-3978)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Threats
Impact
Moderate
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — | ||
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
62 references
Acknowledgments
Martin Seemann
Marten Seemann
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Cryostat 2 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for Cryostat 2 on RHEL 8.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang.org/x/net/html: Cross site scripting (CVE-2023-3978)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6031",
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/errata/RHSA-2023:5455",
"url": "https://access.redhat.com/errata/RHSA-2023:5455"
},
{
"category": "external",
"summary": "https://access.redhat.com/containers",
"url": "https://access.redhat.com/containers"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228689"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6031.json"
}
],
"title": "Red Hat Security Advisory: Cryostat security update",
"tracking": {
"current_release_date": "2026-05-28T02:51:22+00:00",
"generator": {
"date": "2026-05-28T02:51:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6031",
"initial_release_date": "2023-10-23T14:24:36+00:00",
"revision_history": [
{
"date": "2023-10-23T14:24:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T14:24:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 2 on RHEL 8",
"product": {
"name": "Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:2::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.3.1-8"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.3.1-11"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.3.1-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3978",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim\u0027s web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Cross site scripting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3978"
},
{
"category": "external",
"summary": "RHBZ#2228689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978"
},
{
"category": "external",
"summary": "https://go.dev/cl/514896",
"url": "https://go.dev/cl/514896"
},
{
"category": "external",
"summary": "https://go.dev/issue/61615",
"url": "https://go.dev/issue/61615"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1988",
"url": "https://pkg.go.dev/vuln/GO-2023-1988"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Cross site scripting"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"known_not_affected": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T14:24:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:25214921951dbb2ce9eeda23ce3cce3291a789436927beff1317541a68554fa9_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:8d4dd000a817aec11eef4303c9d17bc92b809f313796ae360d00101a3a04bf86_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:5408e8448ab25072a2fc0a018105e52668d239b7449b9abe6c44c57c439c34a1_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:15459ee1c5ec24cdfaf2427d6aa3c4fe1fa89d58608217a0dbdae709c99ba877_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:90305e17793e3a1275a5611745d1c6c8b056198c3e82283b50df85e747f09193_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:a0445fffa148a3cf471adbb288a07d175d7e2950d12c0f99cc56f709f4b60f29_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6085
Vulnerability from csaf_redhat - Published: 2023-10-24 15:32 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing security update
Severity
Important
Notes
Topic: An update is now available for Red Hat Openshift distributed tracing 2.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
6.5 (Medium)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
68 references
Acknowledgments
GMO Cybersecurity by Ierae, Inc.
Takeshi Kaneko
Martin Seemann
Marten Seemann
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Openshift distributed tracing 2.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6085",
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6085.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing security update",
"tracking": {
"current_release_date": "2026-05-28T02:51:27+00:00",
"generator": {
"date": "2026-05-28T02:51:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6085",
"initial_release_date": "2023-10-24T15:32:35+00:00",
"revision_history": [
{
"date": "2023-10-24T15:32:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-24T15:32:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 2.9",
"product": {
"name": "Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-8"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"product_id": "rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-9"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-1"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"product_id": "rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-7"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"product_id": "rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-8"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"product_id": "rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-9"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-1"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"product_id": "rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-7"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"product_id": "rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"product": {
"name": "rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"product_id": "rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-operator-bundle\u0026tag=1.47.1-10"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.47.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.81.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"product": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"product_id": "rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-operator-bundle\u0026tag=0.81.1-8"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.81.1-3"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x",
"product_id": "rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.1.1-9"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=742e3d3-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"product": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"product_id": "rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-opa-rhel8\u0026tag=fe53f40-1"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"product": {
"name": "rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"product_id": "rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-operator-bundle\u0026tag=0.3.1-7"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.3.1-2"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"product_id": "rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.3.1-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64"
},
"product_reference": "rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64"
},
"product_reference": "rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64"
},
"product_reference": "rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64"
},
"product_reference": "rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64 as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x as a component of Red Hat OpenShift distributed tracing 2.9",
"product_id": "8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T15:32:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T15:32:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T15:32:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T15:32:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T15:32:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T15:32:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T15:32:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T15:32:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6085"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:075e5a497bd37954221774f3b0e97a86f87bf9a8564a87fa8269b2acb01a5fdf_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:5667bbe8cdf5ef5b93fe2eb51af1b03ac25db50ee7f13a35e97c67968f70d9bc_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-agent-rhel8@sha256:b57f6bbb0fd714828d0b9bf4759a04cad8ba98db394dbb79d8a5a9d2c48a8383_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:21de0110a12e568d4fa9a814b1f3fb79b132be34770f795c6f43922a454bba34_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:3555c97e1edbc18ecc7ad756dae043a55215bcacd31e70a41c3e444a4b5bac98_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-all-in-one-rhel8@sha256:dd221ad03daa551a30a5b3631b9a489ab29147f4d0d380f317ee6e8999c5638f_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:20dfc6ffe41e4dceb854a2fa99cad5d6a9b48e8bfc51329fed767f47b7cb461f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:9551931c00cc1052ddb32310153352d56c70a50826c29bcee53fc048c6995399_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-collector-rhel8@sha256:a3224c5e1b39ca4a33f806a5930dd37304578420f382c43158ee290fffd21533_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:699727f91948e7a870cdae3f8d3cf88cdf1df934ea6c4e5e1a86467b7ea62da3_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6c1435712a36384a562448ec972ac39378b1e976490146cda1c98b510c76d849_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c53876745a6ae8a8ca6ec74d22f8cae148cf4b99e45c3efdcca323b6fbb4ad0e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:0b0b4bb1d943449bbfe99653eb918583b38e6e7fc9317653acf487bb33715fcf_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:8bfdcdb4432975726865d321037b600260c4df1b3a1811d1c85523d61e91bccc_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-es-rollover-rhel8@sha256:fbce2ceb4a0c5231823c931b87726b7a6a5e5f0c87ba93abad09acb11661a675_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:0d7c0ff5a6c0e645856e1550bfb8acea763d013e4b706b7da972094c26d8a3ba_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:27b6554e746eae26692298e78d623b3b7dc6ba53330c5e398beacd8d41512732_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-ingester-rhel8@sha256:498a6186790b5e8dc2ff8bc49f5a163a51b19ee36c5030b6ae44fd0c1dbe4139_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1a5c829466a50a4ed1b509fa83b1ffacb5290840e64c1f805e462c533a26c075_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:1bbbe479ae64cb639bde227e52bb60c55a855fed9109c0ba850e2b1474c8cf5d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-operator-bundle@sha256:f2ebe6b3b913ae5d0df0b985d4c2a93fc0f9dd90e97cdc2d39fdbb40a92c494a_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:40183936d78c62c1b34807bf21c6fa3570ab5a4c3fdcf2c708b6e2225addf88d_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:db25d6492ba18bf18fe8f63c86a9d565938da15c7c639b77d6b9285db0174094_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-query-rhel8@sha256:ebc33a6ada6c578e6b113bdfa3e0a9570f15e75cb3e87fa99a3ec23056d58f02_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:17b698d2b2bde4985346b6ffe28c4b0a71e0a6fec4937144aef5db4ca20f60e4_s390x",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:c3b11d9f4e98457310bd5a2a782ef02c85dabd0a97e954a5c385f648e168b9ba_amd64",
"8Base-RHOSDT-2.9:rhosdt/jaeger-rhel8-operator@sha256:e4722e3dbb65c43212e1f86bf5b24779879288a9044d57f2c33aed5baf1b2d33_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:97a23c3fdf791b59df6bc6e6f9311599ba2f3900aebe64ce4eaf8f77a7f76336_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:b9f94f8023b1e904e874ff67b5829c3c0e0a44aaeda6e88f8f34fa92d5f8a62c_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-collector-rhel8@sha256:d68e45ac3dd60f05aab018cba084ff93195bf9175ba642164cb062f7a4b9d71f_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9b88c187427bf315cc27690e22425000b87de35b40b04e566152eaf5319043c6_s390x",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:9de35e845d96684ca3009299dc5034742031f7632f839f877d812a243fd17f75_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-operator-bundle@sha256:dcfa33e5ff47f227e6a27d3babd88b02d269e96fc040eb0bc4301edd62dd404b_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:5a2e8e06addd84a2c83976a57b84187f8450f45244bd7174b0078d2b2d9e5635_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:b5f01804dc8b8e1b0cc179dc79aff1298fe29c2239d694fedf958adee7e27ec3_amd64",
"8Base-RHOSDT-2.9:rhosdt/opentelemetry-rhel8-operator@sha256:c940703247b04c520a51bf76f09a29eaa2e30d4e4d40db14f07e0ceba89eefbd_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:f39bf591bff322ca89eddc61dc1b8ed00b018ca0aac39228c3cc33368c9928e6_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:fc8a5757270970c2bcd42f659bdde3d9edebd0054cbd01541479c9aa51135cc8_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-opa-rhel8@sha256:ff6ebe99d093908235e41a3fc84a13ae4d4b647063d0a48925b5aaa0d3017724_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:4967482a0ef9ef89de4583d7ec9f6666e2334dacb099d5cb556f93f1118f5809_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:d5e00c9ebe3d8d4b009f1f6d7383d453ce9186e7e6ec1fc4c834b86461e831d9_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-gateway-rhel8@sha256:ec8e340dc736f5f1d8f0ac4f0b5d767660bbcdc96e2dbc48d8349f20c11e5c46_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:10394c478c148eaf171f328289b1bbec15b357bd1d5eb473abb31c2cd6cb5643_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:4fb7b99e4156f1c0e67708527ba6336fab647a717e6cad08dac93d191e820c70_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-operator-bundle@sha256:c54b08652dfdecd90c604e144e08da7eb6908f89cf4b5fe9bcb7844d28a2a002_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:307638d85cab7d8502cd6acd45d626a6e26a3c37ab3fb008946e80eee2e4a372_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:8c0c9b1534e1c2e4c513b8cef10df8daf9aed0e1798b563667b50c3e8554979b_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-query-rhel8@sha256:b5b4d89e126c76fa960a5ac2ba4b63f0e74ab5439cac372e1e0ebe81c1315b3e_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:4d62e2ee295809b3cfd0f663892226f1c1f5cf4ccb841fb322149b1d4088f135_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:946413dd5505c92b1eb0c3343fedf7c99ed104cd51933b8ad0dad92c9d85e1f1_s390x",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8-operator@sha256:f870fcbe6367921e167ee564e04db11daeaeafce3fa970aa28d8f8239be6391f_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:81b5694019779cea93a418e6edf684f54525dcb7da9a4090c7b886184bebe605_ppc64le",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:e77206dcf8a958c662f816161d9fa942eb7cd1749aa165075805e0add74e4cfb_amd64",
"8Base-RHOSDT-2.9:rhosdt/tempo-rhel8@sha256:efb15ac8f44d2ddcc0ac0913131df69f31ebd4aad76c503364b5efb517eabf40_s390x"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6115
Vulnerability from csaf_redhat - Published: 2023-10-25 14:01 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: OpenShift API for Data Protection security update
Severity
Important
Notes
Topic: An update is now available for OADP-1.1-RHEL-8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le | — |
Threats
Impact
Moderate
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
68 references
Acknowledgments
GMO Cybersecurity by Ierae, Inc.
Takeshi Kaneko
Martin Seemann
Marten Seemann
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OADP-1.1-RHEL-8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6115",
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6115.json"
}
],
"title": "Red Hat Security Advisory: OpenShift API for Data Protection security update",
"tracking": {
"current_release_date": "2026-05-28T02:51:28+00:00",
"generator": {
"date": "2026-05-28T02:51:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6115",
"initial_release_date": "2023-10-25T14:01:58+00:00",
"revision_history": [
{
"date": "2023-10-25T14:01:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-25T14:01:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-OADP-1.1",
"product": {
"name": "8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift API for Data Protection"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.7-8"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"product_id": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.7-8"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"product_id": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.7-7"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"product_id": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.7-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.7-8"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"product_id": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.7-8"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"product_id": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.7-7"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"product_id": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.7-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.7-8"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"product_id": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.7-8"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"product_id": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.7-7"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"product_id": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.7-6"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.7-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T14:01:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T14:01:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T14:01:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T14:01:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T14:01:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T14:01:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T14:01:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T14:01:58+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6161
Vulnerability from csaf_redhat - Published: 2023-10-30 02:16 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.14 security and bug fix update
Severity
Important
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.7.14 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 | — |
Threats
Impact
Moderate
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 | — |
Threats
Impact
Moderate
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
68 references
Acknowledgments
GMO Cybersecurity by Ierae, Inc.
Takeshi Kaneko
Martin Seemann
Marten Seemann
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.14 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6161",
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6161.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.14 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-28T02:51:30+00:00",
"generator": {
"date": "2026-05-28T02:51:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6161",
"initial_release_date": "2023-10-30T02:16:18+00:00",
"revision_history": [
{
"date": "2023-10-30T02:16:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-30T02:16:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.14-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.14-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.14-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.14-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.14-2"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.14-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T02:16:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T02:16:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T02:16:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T02:16:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T02:16:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T02:16:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T02:16:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-30T02:16:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:db6e79aff9c592fe7f27145d01d7444f4dc4e0144cc036ae916d9cf0c95a9cfe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:c12186c030ce5192c823351ac212c1acf1c85fa574267bc64d2cdf90c5dae87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ce90e9b7af04340afc72f38cfdf5b64d2a6fcae23f59223e2d510c028823d87f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:58f92f50972a948c40319a5c2c9abfe3d44034ba1538f018b51f9998ee875e90_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:cc19dae1824b42b15a8015f6a88f1bc0f85e75a9e7d14f38313a27d93c88f22f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:79006886844f82db986d9778994727cd40943faa77b2740b54f312fca6602950_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:34e80eefb9b91a41bc4648e02de37d262347085c4da9bd032f43c8bb59e4459a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:4dfa0ace1d92a6ae70d08dc3aff621e5f332956f213db987d9862ed2685e6733_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:0dc885972e7035f2c4b31016f4053e2bd73e328ace6aeee07380db5e0b055b02_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:cc4a32d349982a82cee52247627f1fd76b6630a6ddb4523a326e83f99d65826d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:b3fd7bf0c25ecd110635de6e7d071cfe314cbe50ee0f924f3dfa985fd24ae59e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c65d0ecc82eb9ebf2256c599b116e5878e57192caca90a83c1035421be914657_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:7ab0d93fe306b1baa0ae64a9c859776109f2cb27a0e468dc1d361e72a99d21b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:c89b222e9e9ae02a505fb6986ef1b6ca4b0e15706e3d44d2f03176af7f0d9b6a_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:06010b3b3c7ad25cf0c122cf49bb7795712eebc47936e3c88db46256e93f0843_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:39ac9f6895b2f71cc699c806df204b10af71f18a28de3d3839b7cde6cde13f64_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:4aefc874e9869305ec80f46548c5499b4887e29135efb9ecad01dfd5a54b31fa_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6279
Vulnerability from csaf_redhat - Published: 2023-11-15 01:08 - Updated: 2026-05-28 02:51Summary
Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.11.5
Severity
Important
Notes
Topic: cert-manager Operator for Red Hat OpenShift 1.11.5
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64 | — | ||
| Unresolved product id: 9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64 | — | ||
| Unresolved product id: 9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64 | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64 | — |
Workaround
|
Threats
Impact
Important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.11.5\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6279",
"url": "https://access.redhat.com/errata/RHSA-2023:6279"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "CM-180",
"url": "https://issues.redhat.com/browse/CM-180"
},
{
"category": "external",
"summary": "CM-214",
"url": "https://issues.redhat.com/browse/CM-214"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6279.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.11.5",
"tracking": {
"current_release_date": "2026-05-28T02:51:40+00:00",
"generator": {
"date": "2026-05-28T02:51:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6279",
"initial_release_date": "2023-11-15T01:08:30+00:00",
"revision_history": [
{
"date": "2023-11-15T01:08:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-15T01:08:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:51:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cert Manager support for Red Hat OpenShift release",
"product": {
"name": "Cert Manager support for Red Hat OpenShift release",
"product_id": "9Base-CERT-MANAGER-1.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Cert Manager support for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"product": {
"name": "cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"product_id": "cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager/cert-manager-operator-bundle\u0026tag=v1.11.5-6"
}
}
},
{
"category": "product_version",
"name": "cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"product": {
"name": "cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"product_id": "cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager/cert-manager-operator-rhel9\u0026tag=v1.11.5-5"
}
}
},
{
"category": "product_version",
"name": "cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"product": {
"name": "cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"product_id": "cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9\u0026tag=v1.11.5-4"
}
}
},
{
"category": "product_version",
"name": "cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64",
"product": {
"name": "cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64",
"product_id": "cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9\u0026tag=v1.11.5-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64 as a component of Cert Manager support for Red Hat OpenShift release",
"product_id": "9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64"
},
"product_reference": "cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"relates_to_product_reference": "9Base-CERT-MANAGER-1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64 as a component of Cert Manager support for Red Hat OpenShift release",
"product_id": "9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64"
},
"product_reference": "cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"relates_to_product_reference": "9Base-CERT-MANAGER-1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64 as a component of Cert Manager support for Red Hat OpenShift release",
"product_id": "9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64"
},
"product_reference": "cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"relates_to_product_reference": "9Base-CERT-MANAGER-1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64 as a component of Cert Manager support for Red Hat OpenShift release",
"product_id": "9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64"
},
"product_reference": "cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64",
"relates_to_product_reference": "9Base-CERT-MANAGER-1.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64"
],
"known_not_affected": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-15T01:08:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6279"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64"
],
"known_not_affected": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-15T01:08:30+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6279"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-bundle@sha256:dc15fb6d2a50e2802d93f35a3ace7304e0472edf3a3c08a432e602ce9232d741_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/cert-manager-operator-rhel9@sha256:768ab23c17b2b3394e63d7180a964291b53968ed456fe00ffacba0681cc8600c_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0e97ef32756520c784389d89d15bf2f3990c064494904dbed1b7b5f4f30a0641_amd64",
"9Base-CERT-MANAGER-1.11:cert-manager/jetstack-cert-manager-rhel9@sha256:adafda1401b765f40a2f9ab109e88e7949f2387bf99b7ea317bf26638399b817_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…