Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-39325 (GCVE-0-2023-39325)
Vulnerability from cvelistv5 – Published: 2023-10-11 21:15 – Updated: 2025-02-13 17:02
VLAI
EPSS
Title
HTTP/2 rapid reset can cause excessive work in net/http
Summary
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
43 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.20.10
(semver)
Affected: 1.21.0-0 , < 1.21.3 (semver) |
|
| golang.org/x/net | golang.org/x/net/http2 |
Affected:
0 , < 0.17.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534215"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534235"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2serverConn.serve"
},
{
"name": "http2serverConn.processHeaders"
},
{
"name": "http2serverConn.upgradeRequest"
},
{
"name": "http2serverConn.runHandler"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.Serve"
},
{
"name": "Server.ServeTLS"
},
{
"name": "http2Server.ServeConn"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.21.3",
"status": "affected",
"version": "1.21.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "serverConn.serve"
},
{
"name": "serverConn.processHeaders"
},
{
"name": "serverConn.upgradeRequest"
},
{
"name": "serverConn.runHandler"
},
{
"name": "Server.ServeConn"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.17.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T04:05:57.980Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/63417"
},
{
"url": "https://go.dev/cl/534215"
},
{
"url": "https://go.dev/cl/534235"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "HTTP/2 rapid reset can cause excessive work in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-39325",
"datePublished": "2023-10-11T21:15:02.727Z",
"dateReserved": "2023-07-27T17:05:55.188Z",
"dateUpdated": "2025-02-13T17:02:50.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-39325",
"date": "2026-06-04",
"epss": "0.0015",
"percentile": "0.3519"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-39325\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-10-11T22:15:09.880\",\"lastModified\":\"2024-11-21T08:15:09.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.\"},{\"lang\":\"es\",\"value\":\"Un cliente HTTP/2 malicioso que crea solicitudes r\u00e1pidamente y las restablece inmediatamente puede provocar un consumo excesivo de recursos del servidor. Si bien el n\u00famero total de solicitudes est\u00e1 limitado por la configuraci\u00f3n http2.Server.MaxConcurrentStreams, restablecer una solicitud en curso permite al atacante crear una nueva solicitud mientras la existente a\u00fan se est\u00e1 ejecutando. Con la soluci\u00f3n aplicada, los servidores HTTP/2 ahora vincularon el n\u00famero de rutinas de controlador que se ejecutan simult\u00e1neamente al l\u00edmite de concurrencia de transmisi\u00f3n (MaxConcurrentStreams). Las nuevas solicitudes que lleguen cuando se encuentre en el l\u00edmite (lo que solo puede ocurrir despu\u00e9s de que el cliente haya restablecido una solicitud existente en curso) se pondr\u00e1n en cola hasta que salga un controlador. Si la cola de solicitudes crece demasiado, el servidor finalizar\u00e1 la conexi\u00f3n. Este problema tambi\u00e9n se solucion\u00f3 en golang.org/x/net/http2 para los usuarios que configuran HTTP/2 manualmente. El l\u00edmite de simultaneidad de transmisiones predeterminado es 250 transmisiones (solicitudes) por conexi\u00f3n HTTP/2. Este valor se puede ajustar utilizando el paquete golang.org/x/net/http2; consulte la configuraci\u00f3n Server.MaxConcurrentStreams y la funci\u00f3n ConfigureServer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"99C776A5-1409-4638-AB9A-8A2B053DBFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E44A7B-F32A-43F2-B41A-CB3049100DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident_autosupport:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25008095-A75E-4E34-9538-61B6334BB0F9\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/534215\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://go.dev/cl/534215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023:6041
Vulnerability from csaf_redhat - Published: 2023-10-23 18:31 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: Self Node Remediation Operator 0.7.1 security update
Severity
Important
Notes
Topic: This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Self Node Remediation Operator works in conjunction with machine health check or node health check to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and ReadWriteOnce (RWO) Volumes, as well as restoring compute capacity in the event of transient failures.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Self Node Remediation Operator works in conjunction with machine health check or node health check to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and ReadWriteOnce (RWO) Volumes, as well as restoring compute capacity in the event of transient failures. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6041",
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6041.json"
}
],
"title": "Red Hat Security Advisory: Self Node Remediation Operator 0.7.1 security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:16+00:00",
"generator": {
"date": "2026-06-05T00:59:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6041",
"initial_release_date": "2023-10-23T18:31:18+00:00",
"revision_history": [
{
"date": "2023-10-23T18:31:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:31:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Self Node Remediation 0.7 for RHEL 8",
"product": {
"name": "Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_snr:0.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product_id": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-operator-bundle\u0026tag=v0.7.1-6"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product_id": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-rhel8-operator\u0026tag=v0.7.1-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 as a component of Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
},
"product_reference": "workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 as a component of Self Node Remediation 0.7 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
},
"product_reference": "workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:31:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6041"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64",
"8Base-SELF-NODE-REMEDIATION-0.7:workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6042
Vulnerability from csaf_redhat - Published: 2023-10-23 18:39 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: Self Node Remediation Operator 0.5.1 security update
Severity
Important
Notes
Topic: This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Self Node Remediation Operator works in conjunction with machine health check or node health check to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and ReadWriteOnce (RWO) Volumes, as well as restoring compute capacity in the event of transient failures.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "This is an updated version of the Self Node Remediation Operator. This Operator is delivered by Red Hat Workload Availability.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Self Node Remediation Operator works in conjunction with machine health check or node health check to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and ReadWriteOnce (RWO) Volumes, as well as restoring compute capacity in the event of transient failures. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6042",
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6042.json"
}
],
"title": "Red Hat Security Advisory: Self Node Remediation Operator 0.5.1 security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:17+00:00",
"generator": {
"date": "2026-06-05T00:59:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6042",
"initial_release_date": "2023-10-23T18:39:36+00:00",
"revision_history": [
{
"date": "2023-10-23T18:39:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T18:39:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Self Node Remediation 0.5 for RHEL 8",
"product": {
"name": "Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:workload_availability_snr:0.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Workload Availability"
},
{
"branches": [
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product": {
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product_id": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-must-gather-rhel8\u0026tag=v0.5.1-45"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product_id": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-operator-bundle\u0026tag=v0.5.1-45"
}
}
},
{
"category": "product_version",
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product_id": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3?arch=amd64\u0026repository_url=registry.redhat.io/workload-availability/self-node-remediation-rhel8-operator\u0026tag=v0.5.1-45"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64"
},
"product_reference": "workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
},
"product_reference": "workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64 as a component of Self Node Remediation 0.5 for RHEL 8",
"product_id": "8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
},
"product_reference": "workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64",
"relates_to_product_reference": "8Base-SELF-NODE-REMEDIATION-0.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:39:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"known_not_affected": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T18:39:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6042"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-must-gather-rhel8@sha256:0abf7c74783c4c310937b63cf6f2965e8eb076007691176ee4d7e76b956257c2_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-operator-bundle@sha256:36561e5888cd34f8fb83ceff2910141fceaa6ea290bd246125930fe183e2ebc3_amd64",
"8Base-SELF-NODE-REMEDIATION-0.5:workload-availability/self-node-remediation-rhel8-operator@sha256:8f1d095530f102c6edbcb53a9c2685a043a9c9869b7ca6c1d254dd74ee17b0a3_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6044
Vulnerability from csaf_redhat - Published: 2023-10-23 19:21 - Updated: 2026-02-03 02:59Summary
Red Hat Security Advisory: Cost Management security update
Severity
Important
Notes
Topic: An update for costmanagement-metrics-operator-bundle-container and costmanagement-metrics-operator-container is now available for Cost Management for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for costmanagement-metrics-operator-bundle-container and costmanagement-metrics-operator-container is now available for Cost Management for RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6044",
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6044.json"
}
],
"title": "Red Hat Security Advisory: Cost Management security update",
"tracking": {
"current_release_date": "2026-02-03T02:59:37+00:00",
"generator": {
"date": "2026-02-03T02:59:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2023:6044",
"initial_release_date": "2023-10-23T19:21:34+00:00",
"revision_history": [
{
"date": "2023-10-23T19:21:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T19:21:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-03T02:59:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cost Management for RHEL 8",
"product": {
"name": "Cost Management for RHEL 8",
"product_id": "8Base-costmanagement",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cost_management:1::el8"
}
}
}
],
"category": "product_family",
"name": "Cost Management"
},
{
"branches": [
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product": {
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product_id": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-operator-bundle\u0026tag=3.0.1-1"
}
}
},
{
"category": "product_version",
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product_id": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09?arch=amd64\u0026repository_url=registry.redhat.io/costmanagement/costmanagement-metrics-rhel8-operator\u0026tag=3.0.1-1"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
},
"product_reference": "costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"relates_to_product_reference": "8Base-costmanagement"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64 as a component of Cost Management for RHEL 8",
"product_id": "8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
},
"product_reference": "costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64",
"relates_to_product_reference": "8Base-costmanagement"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"known_not_affected": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T19:21:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"known_not_affected": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T19:21:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6044"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-costmanagement:costmanagement/costmanagement-metrics-operator-bundle@sha256:afcee273a058fa1ac7643271ee775bdc1ca5d765f0ea36af3b3a6633d9fcbd73_amd64",
"8Base-costmanagement:costmanagement/costmanagement-metrics-rhel8-operator@sha256:d5f91b20b8f00e42bfe1f2a24910d3ea56a820bc5814307c0c7fc85dfb103e09_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6048
Vulnerability from csaf_redhat - Published: 2023-10-23 20:24 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: ACS 4.2 enhancement and security update
Severity
Important
Notes
Topic: Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of RHACS 4.2.2 includes fixes for the following security
vulnerabilities:
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
It contains the following bug fixes and changes:
* Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a `PRE_FLIGHT_CHECKS_FAILED` error. This issue has been fixed. (ROX-19955)
* RHACS 4.2.2 includes a new default policy called "Rapid Reset: Denial of
Service Vulnerability in HTTP/2 Protocol". This policy alerts on
deployments with images containing components that are susceptible to a
Denial of Service (DoS) vulnerability for HTTP/2 servers, based on
CVE-2023-44487 and CVE-2023-39325. This policy applies to the build or
deploy life cycle stage.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.2.2 includes fixes for the following security\nvulnerabilities:\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nIt contains the following bug fixes and changes:\n\n* Previously, Red Hat OpenShift Container Platform customers using the downloaded manifest bundle with automatic upgrades enabled found that Sensor did not automatically upgrade, and failed with a `PRE_FLIGHT_CHECKS_FAILED` error. This issue has been fixed. (ROX-19955)\n\n* RHACS 4.2.2 includes a new default policy called \"Rapid Reset: Denial of\nService Vulnerability in HTTP/2 Protocol\". This policy alerts on\ndeployments with images containing components that are susceptible to a\nDenial of Service (DoS) vulnerability for HTTP/2 servers, based on\nCVE-2023-44487 and CVE-2023-39325. This policy applies to the build or\ndeploy life cycle stage.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6048",
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42",
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_security_for_kubernetes/4.2/html/release_notes/release-notes-42"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39325",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6048.json"
}
],
"title": "Red Hat Security Advisory: ACS 4.2 enhancement and security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:24+00:00",
"generator": {
"date": "2026-06-05T00:59:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6048",
"initial_release_date": "2023-10-23T20:24:48+00:00",
"revision_history": [
{
"date": "2023-10-23T20:24:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T20:24:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.2 for RHEL 8",
"product": {
"name": "RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.2.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.2.2-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.2.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.2.2-3"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64 as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"relates_to_product_reference": "8Base-RHACS-4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x as a component of RHACS 4.2 for RHEL 8",
"product_id": "8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x",
"relates_to_product_reference": "8Base-RHACS-4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T20:24:48+00:00",
"details": "If you are using an earlier version of RHACS 4.2, you are advised to upgrade to patch release 4.2.2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T20:24:48+00:00",
"details": "If you are using an earlier version of RHACS 4.2, you are advised to upgrade to patch release 4.2.2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6048"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:8f37c6215c27e7231546a97987b471bae5f3f5cd7458989cc9f032d7429ce9a5_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:925bdf348da6851a2f0efd903ce3061b7d0ed7b17dee8aa76e4e3d75f0b28150_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f2fad967d9f9d6f8e8b9dbec3e2a581a43b64f02fdc584750e206674d655dd5f_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:0fc1a13e6960e5077ae351cd6f12c65cc06fb9526dc9261eed98345e7b9a98c0_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:7f5898e7d868865d56b91f81d314bdc41a265e177f741dd05d4a9dc3b74d54bb_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-rhel8@sha256:f591a221d2dbe643b6d975d1a2e9b9289173e2e845a838ab850debe20c957f11_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:0572022184db58987b3abb065f0abac5368d7163d671e287151986a4b18898cf_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:13315f5c0db23887865ac2d310bd33b6258ac409d185209656531bc0b1fa0b2a_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:2844fcd4aa1aa285fffd24d0d07bd0e23b0927236d8d52ca51dafe3f06724850_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:638b97de5d0f42e63a75764430801f8c6cca99994b82a1741efb9e8a5fca34d2_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:f92ebfda68d49b1d0460cda21d8ccb4b5c9c88224b85e0aca9c2f6c29e195445_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-main-rhel8@sha256:fd758a96e8b07884a9ecd9e3b948889bb9004af3fbe6a370b6f54baed179797c_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:48fa08e690f9b2fbbde8fada15c9b124eb1fca868040369a73c98b95a9eff301_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:75148e16a364e4f67ecb8e914fc16b7ca4112c4e844b0d361a3feb88468f1215_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-operator-bundle@sha256:9a029334191c6b5b15df35e1959b2860da68ac3673ef8009bd54189e685a3b03_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:103b5cd32930836320eea0b28532ff9160cea7b02ddbb6af47df7433f7bb47c4_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:31d38c18be2020f49c28dee55ca92fd14237c6b9e3f54d7b0d6f1ded0ed4c372_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-rhel8-operator@sha256:772b19a562fe52c709532b487233cfbfa8cee16f12da309fd4432df04792f32c_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9e05ce576af3755eb9db6b38c01bd851b2335f4cbd116338ebcac4e3ed6a1ab0_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fab7366274d9d9d903ecc42bbb0219954481eb2a9a43cbb046df9f31f522c4b4_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:fec8341ce138808c01cb45838a6e494bf99d079a5009b622a8e4b0f3c1beee48_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1dc2e9076e32731506a39472bd045f90474f22a7a2fb0c0dbeca2942c4e8b06a_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:3b6df0593ce67833341a1ba58571753dbd20edc28490cf5647ea4f3d3a36c33e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4b386c2c2343fa09a4f71d4f7481b0e8daf7fcb3a3a710ff9f7c0e492070f156_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:62f346b0b81423603f6804de7938106653dc6fed6c22d9660426869cdbbda0ed_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:790f6345dc5a23855b2c3a2f0f1b07d6590659b8ff377833ce4d82f681056275_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:89ca3042eb40d7bf4ea2658e1a9f39cd507d71d469d927f48e5a36f64eff98cb_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:1d6df1627b7cbbe659afdc40c395fd8fe85f237bdc58fc86bb589ca8a5995141_s390x",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2ed5dd9abad665d668416feda3ad4bf8631a083fe4616e502245bdd679388687_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-rhel8@sha256:fb3a7a2124196239fefe325f45132797d2bb4795de89a26e78a53ff8e0d9094e_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2d39a1d54058d0bb181afc9218ee65698f572f3aa6c67c9cc058b23ea68cf32e_ppc64le",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e0076d3574ecf23354a340f808926c4dc9e338920daa83085764c0f2a092025_amd64",
"8Base-RHACS-4.2:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4bc615a0954e2514c7266a639bcf0dedc290cf8d464738143ce73a5711e9dd66_s390x"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6057
Vulnerability from csaf_redhat - Published: 2023-10-23 21:13 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: toolbox security update
Severity
Critical
Notes
Topic: An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6057",
"url": "https://access.redhat.com/errata/RHSA-2023:6057"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6057.json"
}
],
"title": "Red Hat Security Advisory: toolbox security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:29+00:00",
"generator": {
"date": "2026-06-05T00:59:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6057",
"initial_release_date": "2023-10-23T21:13:36+00:00",
"revision_history": [
{
"date": "2023-10-23T21:13:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T21:13:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.src",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.src",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.aarch64",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.aarch64",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"product_id": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-4.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"product_id": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-4.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-4.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"product": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"product_id": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-4.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"product_id": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-4.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"product_id": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-4.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.x86_64",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.x86_64",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64",
"product_id": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-4.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"product_id": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-4.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-4.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-4.el9_0.s390x",
"product": {
"name": "toolbox-0:0.0.99.3-4.el9_0.s390x",
"product_id": "toolbox-0:0.0.99.3-4.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-4.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"product": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"product_id": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-4.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"product_id": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-4.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"product_id": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-4.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-4.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64"
},
"product_reference": "toolbox-0:0.0.99.3-4.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le"
},
"product_reference": "toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x"
},
"product_reference": "toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-4.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:13:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6057"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:13:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6057"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.src",
"AppStream-9.0.0.Z.EUS:toolbox-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debuginfo-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-debugsource-0:0.0.99.3-4.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:toolbox-tests-0:0.0.99.3-4.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6059
Vulnerability from csaf_redhat - Published: 2023-10-23 21:20 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Pipelines Client, tkn for the 1.12.1 release, provides a CLI tool to interact with the Pipelines and Triggers components provided by Red Hat OpenShift Pipelines 1.12.1
The tkn CLI tool is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Pipelines Client, tkn for the 1.12.1 release, provides a CLI tool to interact with the Pipelines and Triggers components provided by Red Hat OpenShift Pipelines 1.12.1\n\nThe tkn CLI tool is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6059",
"url": "https://access.redhat.com/errata/RHSA-2023:6059"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/4.13/cli_reference/tkn_cli/installing-tkn.html",
"url": "https://docs.openshift.com/container-platform/4.13/cli_reference/tkn_cli/installing-tkn.html"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "SRVKP-3551",
"url": "https://issues.redhat.com/browse/SRVKP-3551"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6059.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:30+00:00",
"generator": {
"date": "2026-06-05T00:59:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6059",
"initial_release_date": "2023-10-23T21:20:26+00:00",
"revision_history": [
{
"date": "2023-10-23T21:20:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T21:20:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Pipelines version 1.12 for RHEL 8",
"product": {
"name": "OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.src",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.src",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64",
"product": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64",
"product_id": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client-redistributable@1.12.1-11260.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"product": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"product_id": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client-redistributable@1.12.1-11260.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"product": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"product_id": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client-redistributable@1.12.1-11260.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"product": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"product_id": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client@1.12.1-11260.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"product": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"product_id": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-pipelines-client-redistributable@1.12.1-11260.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.src as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.src",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64"
},
"product_reference": "openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64"
},
"product_reference": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le"
},
"product_reference": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x"
},
"product_reference": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
},
"product_reference": "openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:20:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6059"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:20:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6059"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.src",
"8Base-PIPELINES-1.12:openshift-pipelines-client-0:1.12.1-11260.el8.x86_64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.aarch64",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.s390x",
"8Base-PIPELINES-1.12:openshift-pipelines-client-redistributable-0:1.12.1-11260.el8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6061
Vulnerability from csaf_redhat - Published: 2023-10-23 21:57 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: Red Hat OpenShift Pipelines 1.12.1 release and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Pipelines 1.12.1 has been released.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Pipelines is a cloud-native continuous integration and delivery (CI/CD) solution for building pipelines using Tekton. Tekton is a flexible, Kubernetes-native, open-source CI/CD framework which enables automating deployments across multiple platforms such as Kubernetes, Serverless, and VMs by abstracting away the underlying details.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat OpenShift Pipelines consists of:
- Tekton Pipelines 0.50.x
- Tekton Triggers 0.25.x
- ClusterTasks based on Tekton Catalog
- Tekton tkn CLI 0.32.x
- Tekton Operator 0.68.x
- Tekton Chains 0.17.x (GA)
- Tekton Hub 1.14.x (TP)
- Tekton Result 0.8.x (TP)
- Pipelines-as-Code 0.21.x (GA)
For more information, see the Release Notes on any one of the following platforms:
- Customer Portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/cicd/pipelines#op-release-notes-1-12_op-release-notes
- OpenShift documentation: https://docs.openshift.com/container-platform/4.13/cicd/pipelines/op-release-notes.html#op-release-notes-1-12_op-release-notes
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
100 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
100 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Pipelines 1.12.1 has been released.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Pipelines is a cloud-native continuous integration and delivery (CI/CD) solution for building pipelines using Tekton. Tekton is a flexible, Kubernetes-native, open-source CI/CD framework which enables automating deployments across multiple platforms such as Kubernetes, Serverless, and VMs by abstracting away the underlying details.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat OpenShift Pipelines consists of:\n\n- Tekton Pipelines 0.50.x\n- Tekton Triggers 0.25.x\n- ClusterTasks based on Tekton Catalog\n- Tekton tkn CLI 0.32.x\n- Tekton Operator 0.68.x\n- Tekton Chains 0.17.x (GA)\n- Tekton Hub 1.14.x (TP)\n- Tekton Result 0.8.x (TP)\n- Pipelines-as-Code 0.21.x (GA)\n\nFor more information, see the Release Notes on any one of the following platforms:\n\n- Customer Portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/cicd/pipelines#op-release-notes-1-12_op-release-notes\n\n- OpenShift documentation: https://docs.openshift.com/container-platform/4.13/cicd/pipelines/op-release-notes.html#op-release-notes-1-12_op-release-notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6061",
"url": "https://access.redhat.com/errata/RHSA-2023:6061"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://docs.openshift.com/pipelines/1.12/about/understanding-openshift-pipelines.html",
"url": "https://docs.openshift.com/pipelines/1.12/about/understanding-openshift-pipelines.html"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "SRVKP-3550",
"url": "https://issues.redhat.com/browse/SRVKP-3550"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6061.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Pipelines 1.12.1 release and security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:31+00:00",
"generator": {
"date": "2026-06-05T00:59:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6061",
"initial_release_date": "2023-10-23T21:57:37+00:00",
"revision_history": [
{
"date": "2023-10-23T21:57:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-23T21:57:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Pipelines version 1.12 for RHEL 8",
"product": {
"name": "OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_pipelines:1.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Pipelines"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"product": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"product_id": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"product": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"product_id": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"product": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"product_id": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"product": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"product_id": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"product": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"product_id": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"product": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"product_id": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8\u0026tag=v1.12.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"product": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"product_id": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"product": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"product_id": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"product": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"product_id": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"product": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"product_id": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"product": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"product_id": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"product": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"product_id": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"product": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"product_id": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"product": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"product_id": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-rhel8\u0026tag=v1.12.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"product": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"product_id": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"product": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"product_id": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"product": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"product_id": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"product": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"product_id": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel8-operator\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"product": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"product_id": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"product_id": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"product_id": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"product_id": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"product_id": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"product": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"product_id": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"product": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"product_id": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752?arch=arm64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel8\u0026tag=v1.12.1-5"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"product": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"product_id": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"product": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"product_id": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"product": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"product_id": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"product": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"product_id": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"product": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"product_id": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"product": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"product_id": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8\u0026tag=v1.12.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"product": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"product_id": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"product": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"product_id": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"product": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"product_id": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"product": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"product_id": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"product": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"product_id": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"product": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"product_id": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"product": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"product_id": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"product": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"product_id": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-rhel8\u0026tag=v1.12.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"product": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"product_id": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"product": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"product_id": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"product": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"product_id": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"product": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"product_id": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel8-operator\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"product": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"product_id": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"product": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"product_id": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"product": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"product_id": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"product": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"product_id": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"product": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"product_id": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"product": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"product_id": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"product": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"product_id": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed?arch=s390x\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel8\u0026tag=v1.12.1-5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"product_id": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"product_id": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"product_id": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"product_id": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"product_id": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"product_id": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8\u0026tag=v1.12.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"product_id": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"product_id": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"product_id": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"product_id": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"product_id": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"product_id": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"product_id": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"product_id": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-rhel8\u0026tag=v1.12.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"product_id": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"product_id": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"product_id": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"product_id": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel8-operator\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"product_id": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"product_id": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"product_id": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"product_id": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"product_id": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"product_id": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le",
"product": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le",
"product_id": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel8\u0026tag=v1.12.1-5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"product": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"product_id": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-chains-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"product": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"product_id": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"product": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"product_id": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"product": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"product_id": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-entrypoint-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"product": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"product_id": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-events-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"product": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"product_id": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-git-init-rhel8\u0026tag=v1.12.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"product": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"product_id": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"product": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"product_id": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-db-migration-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"product": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"product_id": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-hub-ui-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"product": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"product_id": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-nop-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"product": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"product_id": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-bundle\u0026tag=v1.12.1-6"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"product": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"product_id": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-proxy-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"product": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"product_id": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-operator-webhook-rhel8\u0026tag=v1.12.1-9"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"product": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"product_id": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-rhel8\u0026tag=v1.12.1-7"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"product": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"product_id": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-resolvers-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"product": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"product_id": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-api-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"product": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"product_id": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-results-watcher-rhel8\u0026tag=v1.12.1-3"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"product": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"product_id": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-rhel8-operator\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"product": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"product_id": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-serve-tkn-cli-rhel8\u0026tag=v1.12.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"product_id": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-controller-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"product_id": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-core-interceptors-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"product_id": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"product": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"product_id": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-triggers-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"product": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"product_id": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-webhook-rhel8\u0026tag=v1.12.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"product": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"product_id": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059?arch=amd64\u0026repository_url=registry.redhat.io/openshift-pipelines/pipelines-workingdirinit-rhel8\u0026tag=v1.12.1-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64"
},
"product_reference": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64"
},
"product_reference": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x"
},
"product_reference": "openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64"
},
"product_reference": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x"
},
"product_reference": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64"
},
"product_reference": "openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64"
},
"product_reference": "openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x"
},
"product_reference": "openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64"
},
"product_reference": "openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64"
},
"product_reference": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64"
},
"product_reference": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x"
},
"product_reference": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64"
},
"product_reference": "openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x"
},
"product_reference": "openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64"
},
"product_reference": "openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64"
},
"product_reference": "openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x"
},
"product_reference": "openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64"
},
"product_reference": "openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64"
},
"product_reference": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64"
},
"product_reference": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x"
},
"product_reference": "openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x"
},
"product_reference": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64"
},
"product_reference": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64"
},
"product_reference": "openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64"
},
"product_reference": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x"
},
"product_reference": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64"
},
"product_reference": "openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64"
},
"product_reference": "openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64"
},
"product_reference": "openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x"
},
"product_reference": "openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64"
},
"product_reference": "openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x"
},
"product_reference": "openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64"
},
"product_reference": "openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x"
},
"product_reference": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64"
},
"product_reference": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64"
},
"product_reference": "openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64"
},
"product_reference": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64"
},
"product_reference": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x"
},
"product_reference": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64"
},
"product_reference": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x"
},
"product_reference": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64"
},
"product_reference": "openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64"
},
"product_reference": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x"
},
"product_reference": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64"
},
"product_reference": "openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x"
},
"product_reference": "openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64"
},
"product_reference": "openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64"
},
"product_reference": "openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64"
},
"product_reference": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x"
},
"product_reference": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64"
},
"product_reference": "openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64"
},
"product_reference": "openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64"
},
"product_reference": "openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x"
},
"product_reference": "openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x"
},
"product_reference": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64"
},
"product_reference": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64"
},
"product_reference": "openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x"
},
"product_reference": "openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x"
},
"product_reference": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x"
},
"product_reference": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x"
},
"product_reference": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64"
},
"product_reference": "openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x"
},
"product_reference": "openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64"
},
"product_reference": "openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64"
},
"product_reference": "openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x"
},
"product_reference": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64"
},
"product_reference": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64 as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64"
},
"product_reference": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le as a component of OpenShift Pipelines version 1.12 for RHEL 8",
"product_id": "8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
},
"product_reference": "openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le",
"relates_to_product_reference": "8Base-PIPELINES-1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nIf you selected the Automatic update strategy when you installed the Red Hat OpenShift Pipelines operator, the operator applies this update automatically. If you selected the Manual update strategy, use the OpenShift Container Platform web console to approve the update. For instructions about approving\nthe update, see:\n\nhttps://docs.openshift.com/container-platform/4.10/operators/admin/olm-upgrading-operators.html#olm-approving-pending-up[\u2026]e_olm-upgrading-operators",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6061"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T21:57:37+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nIf you selected the Automatic update strategy when you installed the Red Hat OpenShift Pipelines operator, the operator applies this update automatically. If you selected the Manual update strategy, use the OpenShift Container Platform web console to approve the update. For instructions about approving\nthe update, see:\n\nhttps://docs.openshift.com/container-platform/4.10/operators/admin/olm-upgrading-operators.html#olm-approving-pending-up[\u2026]e_olm-upgrading-operators",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6061"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:116359e30bc6aa61773d6963383760a54d65fbd8d4e519eec4509b69852e95ea_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:2ea77b758529e064dae4d1bcd5b326138f86735e216d1306a4e2c7cac00f3134_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:4318a47d134f0fbcac0fe68cde31efc05e7aeb8a197cfdd13a58b848aa7d227f_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-chains-controller-rhel8@sha256:797342f67fd5fa305ccb10b07085e10c65ad58bf6c95c94af139ca44c537cb17_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:0a1cc1b6df16a7b94075369909bba6aa136028ead28cc147ca2cba04875a7868_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:1aa2ec69df67db06e4240b27f9509a367ab030df653629a6537508e22a6576e5_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:28262e80e10cb265b53d79e85244febb7f3b484be32d4ce7b745bbd461e2d826_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:3d3f6bb7ffa163cffb3cbaebb83f40838a53b3f12a4a0f150ce7e675707c5952_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:1575c6566d0eef999fa2fb98d32213b5f7c330a2b994af4fbd50d5f7351e2c03_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:287e63d390d671f26744ce8777bcc32462263b01b498dd227b83532462714c29_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:61e2e3822dc0709407ee493c5cb7feeb65d0ae797faead9513bde74eb4f39be1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-controller-rhel8@sha256:dff11111aa116706c4805c8480f5a12058ed59b2776858b19c0e01168d01cc14_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:0f40a29b561a9993cbfec7cd708b074e589954af0a428e52c20c44ff210f986b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:669b7e4241129e9336c23da8fd8ebeed5464d65945ee284e7131d48da99890b4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:b2d8abd9ad6bfafa84ece67b548aa2942ba1779ce1fda438279ac63b60896776_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-entrypoint-rhel8@sha256:e886d5ebad7ac27623069fe464c908a26b1beeaadc8ec57f6612e2b508846ead_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:3e0d44dc4552aa6612d32646a902d5752dc057415ff27c6929b2aa49bffbef4e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:7e82a4f854a86bc651071c87627d21af96e626ed33337b2578fe57fee89468c2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8b4611e27d99bde9fb579a1bc8721ab6d52f17bfb81f2454434c5ed19a98a2ea_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-events-rhel8@sha256:8de8684a69b587d1f065d6078e81a3e5341ff21c485ceaac6383aa8c517fe0b3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:07586965cffa016dafc2847be858c8587abff1fedbf2b2df748cd58514e3ef4b_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:38af85bccd58ac63b36c8e9a2ef3b06f26d6a4759827f4e5cbeb1b659a820bde_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:9a78ad10c41dc3a256b8fcef61effd6789ca7725c33fb49f92f8dd39bc82173b_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-git-init-rhel8@sha256:f9f11063dce92b9dde7616b7fe994d91e19d3b4cc50aa36d003fb658c2efaffd_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:346f87d202160ba458f93207b0c66bfef3b8203d9aa48c47677c64a9ff9467d8_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:38ddec97f08a0bc1ff1e463a571ab62489dc938ed16ad1c3dd2c4b41139a8a90_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:5790386713432c09382d7acbbaf603a95c7098fb2f6af9f88822ce50c5af0760_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-api-rhel8@sha256:d023f432d3bce3f5706b1b909ea8a8d36a4c370f0fcf50ee9e648b7f4fb095bc_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:2beb349996a33481911d905a899be11b59d5cd4c3a16f7c37f0fc67eb1ae090b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4a33269cee36726cf553107faaff19fa1115cd35e4965a5a698f721a0631729f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:4ede517f844b45e55a4a8487c754bbb9a2946a34573e844a12a9dd2f053f684e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:e6035115e3a393125d5ca8ac648a88a662824e24a97fc051f72a80849756a9d2_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:0850cb1af40ab81ba7b9e5bbd569621694aabd6b28e3ba6160d270308e5fe6be_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:cf39fd2b6d5e209781c2bb329f907c76b2263b45d24af84f538a2721d4610d56_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:dd0fb9390ecb2e23f61b57bfe3fb896596b57a5cda963250cdbf0d145a536a86_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-hub-ui-rhel8@sha256:e8922f4d8c9d92d3a9aaf7e62ad135c07d5e908be6ee30ca04fc29da897dfea0_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:291d7da532c7d33b345bb801f3c38f80be5cf35b99c9be47e0666be69a3244da_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:487cc30c2c670aba327b729db1299f483e047b607db676b5a3ee706849831bda_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:62eaf79892ebf6f8873d89f511b87d398f8f742b4f139f959a2e3f7ba99cc280_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-nop-rhel8@sha256:d38def1b0a62fdd49f40d785e6efc6f1ee73b6e0bdb0b98f98dd73696498488d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:115e99b0799fc6e0d3a14e6f1656e922111444fc23f08be11bedbec83dc86cc3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:474120a685ba41e91084a1631621418cd57c65f987981436e4e3bff31d5f402f_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:91517f7e8fe93b57650d307a7e78b82a6f70107460bb667dd7b850a6cdd6deb1_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-bundle@sha256:d2909feede4924df75047a0c0c0a836b8b6efe4e0da083d1878fb2e7e0c23507_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:2f158c95e2018b79a8dbe9b5164bce3319182b84cef8859697e95b9aa1012c1a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:410eb6fa5b37835acaf5cea259e0a70163a4be87f54ba045ad24b5e2b7bd010e_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f4dfe1212cb6acdd76e883ef917c00e058f553ab04e2ed66912c9723bbcdfc59_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:f5b391696522945fa00a55977f2f7727452549309d923bc2a7e2608bcefdb7c9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:031e149e550685a213fef705dc71f0f830a0fd4be42afc70f6a89d8163acbcad_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:0ce510deaecb5fda9bea248cde60c5743d1e4094087e58f9a72de1b2597ab26a_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:6e926a41e998366d20ea5562f8b5a3662815907e0a066e875859947defc5b119_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-operator-webhook-rhel8@sha256:c4e2b44ae685e9cde43dcb8964337c81acf0e519f205d0366c8a0fb12cce075b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:0aa1ea10b71db84fb46127d81891cebb98fef546c45c276fefda79133992eaa3_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:4fc979e5d559ca2c88999f9e0289abbfd7abff4b17f6001349aacbb8db4765a4_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:5384a4a6adc017b2c522732e87b795349d0879d7d5ea2b7d11191b416701778b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-pipelines-as-code-rhel8@sha256:6049abe50510fb913fecb8828d6dd054a0ad2e9382920c78bc70c4e1030d5b50_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:6777f3a06a187632435fe720a144dec4f7ed44f326f69d409ba41302fe145eb7_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:c5d326316813a458955aa99fe2db671797bfc9901089b053db657ec4c1b0a50e_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:e8509f0ed5a4230067a956c148ffd2cf1ea1d4a534bb76669f3b4488502ee0e1_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-resolvers-rhel8@sha256:f127289c8505ac6d184e5c4dd16d7ed4d450a7fd7a90e19aebe3ad4845d432b9_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:601d3c134545e442d69ef465c86c56147873f7e5ee55f75690a21814e1c9d24b_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:7a4c0a4be506ea572c4e92dcf982e512b457ac407e50f6e1918222e74e547998_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:8cf80131852b0286a1c37951aceeed4672c2b2ec79404e9d24ba6226aaf6e3d3_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-api-rhel8@sha256:da7c94fef6c13de426492f80bd0e6ffaeefbc7243a52c25a0b50b13409f27ca3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:13dc44a684a981c8443054577ba974e16cbf5c2250cf299b084363ff62cca4bf_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:364bd3b69dcd4e362daca5b28a2f663537db35491566600683b42baf65ae0a3b_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:919ce4d550a7c801c6770424fbc20af457284853b897e4d93026a2fa451ad985_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-results-watcher-rhel8@sha256:b79cad87c2c29dfaa06921389a7f844a129f7ca565fc04d58db3a17ee6aed575_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:48403dc5bebb446bf2678fe5015282e30d1f9962d540395b0c4b9485367274ed_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:6431d010afbeecaa84dd29a5df6271ee886aed8df8f702d55b066858f4fa5510_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:9cb6891d5ed9bbe719b927b8c5bb1156fa37cf73cb539d2aedee7685dd95b8fa_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-rhel8-operator@sha256:f4838dc71f1c62782a67f4ae35e3a4cc72d11b10644491e461752140164f2570_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:0771070fdd2004d189c58feb9a0c62debed68985553570f1cc14d621f974e5cf_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:6ae9e91827c9c27aa908c07c956f233d6faaccd492d0966eee36ba086190c7d7_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:a9259b212e388a3648a5236a8597262e732a47c26b2040581dbb8f101dc226b4_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-serve-tkn-cli-rhel8@sha256:c986e1df834c8862a80390f8a605647d3a6f50e5fc1a13c6d92d2a89477f057e_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:3f199873cd481ff2a4e57f42c4e2e5831a6d586ac2f784e7376fae437ea7dfa8_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:70eabeabda582b788dc35b38c56e346f1eb1e03e802122f3dbebc03a3fe10b48_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:9c5aed4e686d4a61a8dbc268117a54386c937e6d559c95cf9ac775e73a5da470_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:ccba683724b61543d5d553aac65198f2d522f202d26a7950f54033099946ad2d_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:2dfdff7382bd8f605eae8be7a50d8c26bdb7288ad1872714cb6e699d6825a571_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:5627436ea299325eb23bfdf59eaad9b5278432a421746bfc2b790223723712c7_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:939d34be2719f922c797937f83c94a3f42c013766eb2e4cf4df9d7afc1d33993_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:e61d5775a496c35e97b5245bd4ad11ee67ecb0d1e65e2d155b51723d66ff2588_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:845db9b34b2ceb0a6a126796aba0f0368e6b028b0e472a278dec4626a2d07365_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a7f5864d2be8ed24e4e1edd517b9ba60a7f385aa556841dc4f1f19a9e37e8f69_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:a8d7b2773ba0936d6ee1ddc8725771d113893195c1a3601464a72232b15207e2_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-eventlistenersink-rhel8@sha256:e75a24593e79a36d593ec3818573875898561b327f74ee96fc1dd5124f9f7a19_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:8affee75c32087f61e1ecbe77ebd08269aa36d7ceaf5fb0ae1e9982f2488c39a_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:993b6cbb4990ee9355ce505aac2882a72481fa6a8c1bdb2114bd435167ae5fb3_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:ba3a8d4f2571f0c55391100c6616ab3d3c86a82a82bf82119a1714b61194517c_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:d99348b1b2ad44ee54043300389e534c54e85c7d3515148cccfc03abdef9ce00_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:9a3e514b0e95ebef02939fa92529647d82dcd6a4061c5d9483e376ddf454cc55_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:b08ad288721af271ade9a982fa00ac91de30784b5cf087fcc1a75857159a2c3c_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:bde79fe3e2cd0bf3142f41f7c804e97cdd88cb24ee34d60509fa83efc4877ecc_ppc64le",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-webhook-rhel8@sha256:fcacefc31f869dcb0287a54eeafcb4a44db8c13697ed486f2fcb5b3aa6b47041_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0ab99cc4f6f684aac86b57d6fb7c18eefac5f8dae1c9663f4903ca6f88baf6ed_s390x",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:26fb9b49f33fda7c7fa68a94db45210fa27119ac41376de9deef9af104bed059_amd64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:a8d7d8f7df1e2ea94bc4d221571bccd70c9f7d80955ba08b9281e2488e3c8752_arm64",
"8Base-PIPELINES-1.12:openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:e2790658d28dd41417c69476daf1d3e6f6228ed73ed07bc20aed1c5d9ff382eb_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6071
Vulnerability from csaf_redhat - Published: 2023-10-24 09:41 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: RHACS 4.0 enhancement and security update
Severity
Important
Notes
Topic: Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of RHACS 4.0.5 includes fixes for the following security
vulnerabilities:
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work
(CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack
(Rapid Reset Attack) (CVE-2023-44487)
* Various CVEs in containers for glibc security issues
A Red Hat Security Bulletin which addresses further details about this flaw is
available in the References section.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
RHACS 4.0.5 includes a new default policy called "Rapid Reset: Denial of Service
Vulnerability in HTTP/2 Protocol". This policy alerts on deployments with images
containing components that are susceptible to a Denial of Service (DoS)
vulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325.
This policy applies to the build or deploy life cycle stage.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x | — |
Workaround
|
Threats
Impact
Important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.0.5 includes fixes for the following security\nvulnerabilities:\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work\n(CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack\n(Rapid Reset Attack) (CVE-2023-44487)\n\n* Various CVEs in containers for glibc security issues\n\nA Red Hat Security Bulletin which addresses further details about this flaw is\navailable in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRHACS 4.0.5 includes a new default policy called \"Rapid Reset: Denial of Service\nVulnerability in HTTP/2 Protocol\". This policy alerts on deployments with images\ncontaining components that are susceptible to a Denial of Service (DoS)\nvulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325.\nThis policy applies to the build or deploy life cycle stage.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6071",
"url": "https://access.redhat.com/errata/RHSA-2023:6071"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.0/release_notes/40-release-notes.html",
"url": "https://docs.openshift.com/acs/4.0/release_notes/40-release-notes.html"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6071.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.0 enhancement and security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:38+00:00",
"generator": {
"date": "2026-06-05T00:59:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6071",
"initial_release_date": "2023-10-24T09:41:00+00:00",
"revision_history": [
{
"date": "2023-10-24T09:41:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-24T09:41:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.0 for RHEL 8",
"product": {
"name": "RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.0.5-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.0.5-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.0.5-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.0.5-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.0.5-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.0.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.0.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.0.5-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T09:41:00+00:00",
"details": "If you are using an earlier version of RHACS 4.0, you are advised to upgrade to patch release 4.0.5.",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6071"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:203f669dfecbe15bf2c026191fac9f03cc2f0a24d4e8ebaa612e03f855cd412c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ff2e32cba218f944d628ab1b12e13f47ba2f5c59198fbadfa91a48203ec65edc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:02afc60209fa02f98325677202887cf58a04dd334ead4bea9d601b2ebca60f25_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:39bc3203d9b1bb5031c8abdcf18b578cdb06d87939b92a1adbfe7f58f7263e5e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:4b727955da552e9137b8beaacb58743e242ca18c722da4c83d139d01f39ced67_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:683fc6bcd5de85b025df05e59c4ca7d895fb4a3764d65a53f5f0301fd59629a4_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:a0d9cd31d953aaf7e84f5a39f405c5aa2ea62e68d6c728a936ca1ffc4dc1b93e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3062a2b35b2911df16e2c4d19bd3e231f4e4f4bd64bfb2d909e54c85eb3bb282_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:4774c909ac77d2d0efd233b54380166576ffa1695cabdc418b809e7beae4f684_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:2d56340729ea34c80d7cf9342812a20ad2bb371c4ad4de656d55e3004352df1c_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0312f6391720d2552b067a597c6d30bd47bd72f0e173488b615b3da8e144eb0e_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dc74190ce1f373590969a90aae941a6af820268aa41548bc06ae9c70da8afef5_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:65a60062866c15fab1eb1af75cc0fdeeec88e7c98c8d9a428a0a8272d6246b1c_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:94d2ae7b3e409451320370ac05ed6a88be8546b2e756a306d904ef22a372c7b9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:bcf867cadab62b7761bce469db61cb231fadfa4e97c141fb0d8a2946cf548f74_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
}
]
}
RHSA-2023:6077
Vulnerability from csaf_redhat - Published: 2023-10-24 12:18 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: toolbox security update
Severity
Moderate
Notes
Topic: An updated rhel9/toolbox container image is now available in the Red Hat container registry.
Details: The rhel9/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI.
This updates the rhel9/toolbox image in the Red Hat container registry.
To pull this container image, run one of the following commands:
podman pull registry.redhat.io/rhel9/toolbox (authenticated)
podman pull registry.access.redhat.com/ubi9/toolbox (unauthenticated)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated rhel9/toolbox container image is now available in the Red Hat container registry.",
"title": "Topic"
},
{
"category": "general",
"text": "The rhel9/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI.\n\nThis updates the rhel9/toolbox image in the Red Hat container registry.\n\nTo pull this container image, run one of the following commands:\n\n podman pull registry.redhat.io/rhel9/toolbox (authenticated)\n podman pull registry.access.redhat.com/ubi9/toolbox (unauthenticated)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6077",
"url": "https://access.redhat.com/errata/RHSA-2023:6077"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/search",
"url": "https://catalog.redhat.com/software/containers/search"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6077.json"
}
],
"title": "Red Hat Security Advisory: toolbox security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:36+00:00",
"generator": {
"date": "2026-06-05T00:59:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6077",
"initial_release_date": "2023-10-24T12:18:38+00:00",
"revision_history": [
{
"date": "2023-10-24T12:18:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-24T12:18:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-10.el9_2.src",
"product": {
"name": "toolbox-0:0.0.99.3-10.el9_2.src",
"product_id": "toolbox-0:0.0.99.3-10.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-10.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-10.el9_2.aarch64",
"product": {
"name": "toolbox-0:0.0.99.3-10.el9_2.aarch64",
"product_id": "toolbox-0:0.0.99.3-10.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-10.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"product_id": "toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-10.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"product_id": "toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-10.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-10.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"product": {
"name": "toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"product_id": "toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-10.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"product": {
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"product_id": "toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-10.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"product_id": "toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-10.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"product_id": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-10.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-10.el9_2.x86_64",
"product": {
"name": "toolbox-0:0.0.99.3-10.el9_2.x86_64",
"product_id": "toolbox-0:0.0.99.3-10.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-10.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.x86_64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.x86_64",
"product_id": "toolbox-tests-0:0.0.99.3-10.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-10.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"product_id": "toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-10.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-10.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-10.el9_2.s390x",
"product": {
"name": "toolbox-0:0.0.99.3-10.el9_2.s390x",
"product_id": "toolbox-0:0.0.99.3-10.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-10.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"product": {
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"product_id": "toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-10.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"product_id": "toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-10.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"product_id": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-10.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-10.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64"
},
"product_reference": "toolbox-0:0.0.99.3-10.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-10.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le"
},
"product_reference": "toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-10.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x"
},
"product_reference": "toolbox-0:0.0.99.3-10.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-10.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src"
},
"product_reference": "toolbox-0:0.0.99.3-10.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-10.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64"
},
"product_reference": "toolbox-0:0.0.99.3-10.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le"
},
"product_reference": "toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x"
},
"product_reference": "toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-10.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-10.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:18:38+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \"podman pull\" command.\n\nFor more information about the image, search the \u003cimage_name\u003e in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6077"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T12:18:38+00:00",
"details": "The container image provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \"podman pull\" command.\n\nFor more information about the image, search the \u003cimage_name\u003e in the Red Hat Ecosystem Catalog: https://catalog.redhat.com/software/containers/search.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6077"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debuginfo-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-debugsource-0:0.0.99.3-10.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:toolbox-tests-0:0.0.99.3-10.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:6084
Vulnerability from csaf_redhat - Published: 2023-10-24 14:57 - Updated: 2026-06-05 00:59Summary
Red Hat Security Advisory: RHACS 3.74 enhancement and security update
Severity
Important
Notes
Topic: Updated images are now available for Red Hat Advanced Cluster Security. The
updated image includes new features and bug fixes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of RHACS 3.74.7 includes fixes for the following security
vulnerabilities:
* golang: net/http, x/net/http2: rapid stream resets can cause excessive
work
(CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS
attack
(Rapid Reset Attack) (CVE-2023-44487)
* Various CVEs in containers for glibc security issues
A Red Hat Security Bulletin which addresses further details about this flaw
is
available in the References section.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.
RHACS 3.74.7 includes a new default policy called "Rapid Reset: Denial of
Service
Vulnerability in HTTP/2 Protocol". This policy alerts on deployments with
images
containing components that are susceptible to a Denial of Service (DoS)
vulnerability for HTTP/2 servers, based on CVE-2023-44487 and
CVE-2023-39325.
This policy applies to the build or deploy life cycle stage.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The\nupdated image includes new features and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 3.74.7 includes fixes for the following security\nvulnerabilities:\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive\nwork\n(CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS\nattack\n(Rapid Reset Attack) (CVE-2023-44487)\n\n* Various CVEs in containers for glibc security issues\n\nA Red Hat Security Bulletin which addresses further details about this flaw\nis\navailable in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nRHACS 3.74.7 includes a new default policy called \"Rapid Reset: Denial of\nService\nVulnerability in HTTP/2 Protocol\". This policy alerts on deployments with\nimages\ncontaining components that are susceptible to a Denial of Service (DoS)\nvulnerability for HTTP/2 servers, based on CVE-2023-44487 and\nCVE-2023-39325.\nThis policy applies to the build or deploy life cycle stage.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:6084",
"url": "https://access.redhat.com/errata/RHSA-2023:6084"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/3.74/release_notes/374-release-notes.html",
"url": "https://docs.openshift.com/acs/3.74/release_notes/374-release-notes.html"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6084.json"
}
],
"title": "Red Hat Security Advisory: RHACS 3.74 enhancement and security update",
"tracking": {
"current_release_date": "2026-06-05T00:59:38+00:00",
"generator": {
"date": "2026-06-05T00:59:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:6084",
"initial_release_date": "2023-10-24T14:57:00+00:00",
"revision_history": [
{
"date": "2023-10-24T14:57:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-24T14:57:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:59:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 3.74 for RHEL 8",
"product": {
"name": "RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.74.7-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.74.7-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=3.74.7-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.74.7-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.74.7-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=3.74.7-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=3.74.7-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=3.74.7-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=3.74.7-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=3.74.7-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=3.74.7-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64 as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"relates_to_product_reference": "8Base-RHACS-3.74"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le as a component of RHACS 3.74 for RHEL 8",
"product_id": "8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le",
"relates_to_product_reference": "8Base-RHACS-3.74"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x"
],
"known_not_affected": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T14:57:00+00:00",
"details": "If you are using an earlier version of RHACS 3.74, you are advised to upgrade to patch release 3.74.7.",
"product_ids": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6084"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x"
],
"known_not_affected": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-24T14:57:00+00:00",
"details": "If you are using an earlier version of RHACS 3.74, you are advised to upgrade to patch release 3.74.7.",
"product_ids": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:6084"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:4953938e00bf4114fa18e0520ccf20611686da2372615187e5c4f2fdfbb01e06_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:c4915dcdfd96742aa5ba9ca38d0de9938ce9c85f6fffa867c35427829ee7462f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f8fa778d169160543339202f870232b6b00a1d01347f4041565cae9acc910ea9_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:0ae622d315c3f3b23d76b7bc864c8b3d45d53db76a1fcc46d77be0c126bb93ea_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:623ece01f5d7af6844848879985ca0a9a50473cf3e3bb6f4923280948d9ff896_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-rhel8@sha256:6246642e8ac76535613ae5758a0cbc1e408440de2ea2f8cc208c96d7266aac22_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8c32a894305bb7fc0ac7ed37872a8dbb09f50c387bd7eb9c955c6cd11c9cf4fe_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:927d84e4c8b52de401106d5aa10605eee94ce911a9d8e81e0c41d3b8beb7c63a_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:e5bba2853add1a8dee9cd34a542b4baf82a50091a917c83b74ade4298528bd3e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:0a7f042c6158dbc550e5f32ecbf5829ed925d2c9fdf30c1705ff4c3ce4bce077_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:729e49fb7cfe2bd21541b1e82ccbb77197285aa90486b0c1685379484a956dd9_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-main-rhel8@sha256:95265ddc882b2548ed35ae247b283d0f25dce30a3904717396fe17c701d4eb81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:42a9acbb0b0a6db326b51044c7e9c99f7a89b5861ac706eab1595b34146b77c4_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:55bea5ed24d5fda12c5a6ac34a908da2c471937fb2c934df1188b806ab56d96e_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-operator-bundle@sha256:b8aa66884d5fdfc0383d7a6fdf34418b2c55a00f441fa41a374ca405d7b3f068_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:2adb884147e473b17086eb7cd5462fdd4ab18e6bdc81cd81940001be4a5b67c7_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:373275fba75136a5735ce6a98b94f6b44fc6122d278fdc347f8a8c4740ebcf33_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-rhel8-operator@sha256:8dd2654d1e078941de8b8cbd1d9aa3348ff8893c35edb5c513116129eae74207_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:060f753e5e57904fd0b3cea1f47f5a45a300ba40c3de448dce04fc4857200127_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad2b63ce031af12d8c31eb40652e324ea9cc5891624c4e1683c00d2948825c0f_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ce71c4526b7cd5d2bebf771b38e6ac61a12c5dabe3d0f9963e27245944f9e6db_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:83e47a2dc1741bb81aa566f2b310ef0bd47a43792bcca823cdb8ee293c3c3e82_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:ad7c57277851a741e0bc2536f564e86b59be8377366f4b1b7ea79aaa662dc6fa_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:b565441374903dafa3ee00f015cabdf3c16b282d143fb1c9c91dcd126697d71d_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:172711e18b4289efdda02b662beeaa6941f7b41a533410871c9505b76f6a4481_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:7c15e7d6064a4f45e6aabb8ff309bd0244ff789ee392815d85f2321a90917929_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:b0d4ba54ba1e9bf8afe640c9c5b2c5eed807c22423a75e39702c033e41c93229_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2468f097410bad3de5799b9d46801a04b4580a53d05498dcae37edf73c157826_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8e8acf87581468fd98a97fe28438ea0146b3d8c2b12a322f5c63bf11b4588d81_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f2ebd7e0fba97e74519ce5e05c1a5205e5a76d72ae88e8c83d4722f1f8c8950b_ppc64le",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2a7393086842c64287c32d7cc99ba498c53ec164b3309df59277fb1bef6bbbad_amd64",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:358e601cd9e79a86df7bc735fc593a707ad4fc4e14ed8f39131297a26fb282c3_s390x",
"8Base-RHACS-3.74:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:668c8f074fd4b5ee1cd55f3f4b139965b570b0344e8e3b248cc0fecc14a7e4a6_ppc64le"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…