Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-39325 (GCVE-0-2023-39325)
Vulnerability from cvelistv5 – Published: 2023-10-11 21:15 – Updated: 2025-02-13 17:02
VLAI
EPSS
Title
HTTP/2 rapid reset can cause excessive work in net/http
Summary
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
43 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.20.10
(semver)
Affected: 1.21.0-0 , < 1.21.3 (semver) |
|
| golang.org/x/net | golang.org/x/net/http2 |
Affected:
0 , < 0.17.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534215"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/534235"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2serverConn.serve"
},
{
"name": "http2serverConn.processHeaders"
},
{
"name": "http2serverConn.upgradeRequest"
},
{
"name": "http2serverConn.runHandler"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.Serve"
},
{
"name": "Server.ServeTLS"
},
{
"name": "http2Server.ServeConn"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.20.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.21.3",
"status": "affected",
"version": "1.21.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "serverConn.serve"
},
{
"name": "serverConn.processHeaders"
},
{
"name": "serverConn.upgradeRequest"
},
{
"name": "serverConn.runHandler"
},
{
"name": "Server.ServeConn"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.17.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T04:05:57.980Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/63417"
},
{
"url": "https://go.dev/cl/534215"
},
{
"url": "https://go.dev/cl/534235"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
}
],
"title": "HTTP/2 rapid reset can cause excessive work in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-39325",
"datePublished": "2023-10-11T21:15:02.727Z",
"dateReserved": "2023-07-27T17:05:55.188Z",
"dateUpdated": "2025-02-13T17:02:50.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-39325",
"date": "2026-06-04",
"epss": "0.0015",
"percentile": "0.3519"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-39325\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-10-11T22:15:09.880\",\"lastModified\":\"2024-11-21T08:15:09.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.\"},{\"lang\":\"es\",\"value\":\"Un cliente HTTP/2 malicioso que crea solicitudes r\u00e1pidamente y las restablece inmediatamente puede provocar un consumo excesivo de recursos del servidor. Si bien el n\u00famero total de solicitudes est\u00e1 limitado por la configuraci\u00f3n http2.Server.MaxConcurrentStreams, restablecer una solicitud en curso permite al atacante crear una nueva solicitud mientras la existente a\u00fan se est\u00e1 ejecutando. Con la soluci\u00f3n aplicada, los servidores HTTP/2 ahora vincularon el n\u00famero de rutinas de controlador que se ejecutan simult\u00e1neamente al l\u00edmite de concurrencia de transmisi\u00f3n (MaxConcurrentStreams). Las nuevas solicitudes que lleguen cuando se encuentre en el l\u00edmite (lo que solo puede ocurrir despu\u00e9s de que el cliente haya restablecido una solicitud existente en curso) se pondr\u00e1n en cola hasta que salga un controlador. Si la cola de solicitudes crece demasiado, el servidor finalizar\u00e1 la conexi\u00f3n. Este problema tambi\u00e9n se solucion\u00f3 en golang.org/x/net/http2 para los usuarios que configuran HTTP/2 manualmente. El l\u00edmite de simultaneidad de transmisiones predeterminado es 250 transmisiones (solicitudes) por conexi\u00f3n HTTP/2. Este valor se puede ajustar utilizando el paquete golang.org/x/net/http2; consulte la configuraci\u00f3n Server.MaxConcurrentStreams y la funci\u00f3n ConfigureServer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"99C776A5-1409-4638-AB9A-8A2B053DBFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E44A7B-F32A-43F2-B41A-CB3049100DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_trident_autosupport:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25008095-A75E-4E34-9538-61B6334BB0F9\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/534215\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://go.dev/cl/534215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/534235\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023:5810
Vulnerability from csaf_redhat - Published: 2023-10-17 18:50 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update
Severity
Important
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.3
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
* receptor: golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional changes: * receptor has been updated to 1.4.2
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el8ap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el8ap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el8ap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el9ap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el9ap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el9ap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.3\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nSecurity Fix(es):\n* receptor: golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional changes: * receptor has been updated to 1.4.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5810",
"url": "https://access.redhat.com/errata/RHSA-2023:5810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5810.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update",
"tracking": {
"current_release_date": "2026-06-04T17:40:52+00:00",
"generator": {
"date": "2026-06-04T17:40:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5810",
"initial_release_date": "2023-10-17T18:50:43+00:00",
"revision_history": [
{
"date": "2023-10-17T18:50:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-17T18:50:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.3::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3-Inside-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product": {
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3-Developer-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.3::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3-Inside-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.3::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3-Developer-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "receptor-0:1.4.2-1.el8ap.src",
"product": {
"name": "receptor-0:1.4.2-1.el8ap.src",
"product_id": "receptor-0:1.4.2-1.el8ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.4.2-1.el8ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.4.2-1.el9ap.src",
"product": {
"name": "receptor-0:1.4.2-1.el9ap.src",
"product_id": "receptor-0:1.4.2-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.4.2-1.el9ap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "receptorctl-0:1.4.2-1.el8ap.noarch",
"product": {
"name": "receptorctl-0:1.4.2-1.el8ap.noarch",
"product_id": "receptorctl-0:1.4.2-1.el8ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptorctl@1.4.2-1.el8ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "receptorctl-0:1.4.2-1.el9ap.noarch",
"product": {
"name": "receptorctl-0:1.4.2-1.el9ap.noarch",
"product_id": "receptorctl-0:1.4.2-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptorctl@1.4.2-1.el9ap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "receptor-0:1.4.2-1.el8ap.x86_64",
"product": {
"name": "receptor-0:1.4.2-1.el8ap.x86_64",
"product_id": "receptor-0:1.4.2-1.el8ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.4.2-1.el8ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.4.2-1.el9ap.x86_64",
"product": {
"name": "receptor-0:1.4.2-1.el9ap.x86_64",
"product_id": "receptor-0:1.4.2-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.4.2-1.el9ap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.src"
},
"product_reference": "receptor-0:1.4.2-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3-Developer-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.x86_64"
},
"product_reference": "receptor-0:1.4.2-1.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3-Developer-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.4.2-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el8ap.noarch"
},
"product_reference": "receptorctl-0:1.4.2-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3-Developer-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.src"
},
"product_reference": "receptor-0:1.4.2-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3-Inside-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.x86_64"
},
"product_reference": "receptor-0:1.4.2-1.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3-Inside-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.4.2-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el8ap.noarch"
},
"product_reference": "receptorctl-0:1.4.2-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3-Inside-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el8ap.src as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.src"
},
"product_reference": "receptor-0:1.4.2-1.el8ap.src",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el8ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.x86_64"
},
"product_reference": "receptor-0:1.4.2-1.el8ap.x86_64",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.4.2-1.el8ap.noarch as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 8",
"product_id": "8Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el8ap.noarch"
},
"product_reference": "receptorctl-0:1.4.2-1.el8ap.noarch",
"relates_to_product_reference": "8Base-Ansible-Automation-Platform-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.src"
},
"product_reference": "receptor-0:1.4.2-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3-Developer-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.x86_64"
},
"product_reference": "receptor-0:1.4.2-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3-Developer-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.4.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el9ap.noarch"
},
"product_reference": "receptorctl-0:1.4.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3-Developer-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.src"
},
"product_reference": "receptor-0:1.4.2-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3-Inside-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.x86_64"
},
"product_reference": "receptor-0:1.4.2-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3-Inside-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.4.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el9ap.noarch"
},
"product_reference": "receptorctl-0:1.4.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3-Inside-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.src"
},
"product_reference": "receptor-0:1.4.2-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.4.2-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.x86_64"
},
"product_reference": "receptor-0:1.4.2-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.4.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.3 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el9ap.noarch"
},
"product_reference": "receptorctl-0:1.4.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-17T18:50:43+00:00",
"details": "Red Hat Ansible Automation Platform",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el9ap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5810"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el9ap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el8ap.noarch",
"8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.src",
"8Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el8ap.x86_64",
"8Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el8ap.noarch",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3-Developer-1.0:receptorctl-0:1.4.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3-Inside-1.1:receptorctl-0:1.4.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.3:receptor-0:1.4.2-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.3:receptorctl-0:1.4.2-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
}
]
}
RHSA-2023:5835
Vulnerability from csaf_redhat - Published: 2023-10-18 07:59 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: rhc-worker-script enhancement and security update
Severity
Important
Notes
Topic: An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts managed by Red Hat Insights.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts managed by Red Hat Insights. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5835",
"url": "https://access.redhat.com/errata/RHSA-2023:5835"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5835.json"
}
],
"title": "Red Hat Security Advisory: rhc-worker-script enhancement and security update",
"tracking": {
"current_release_date": "2026-06-04T17:40:53+00:00",
"generator": {
"date": "2026-06-04T17:40:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5835",
"initial_release_date": "2023-10-18T07:59:41+00:00",
"revision_history": [
{
"date": "2023-10-18T07:59:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T07:59:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-worker-script-0:0.5-1.el7_9.src",
"product": {
"name": "rhc-worker-script-0:0.5-1.el7_9.src",
"product_id": "rhc-worker-script-0:0.5-1.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-worker-script@0.5-1.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-worker-script-0:0.5-1.el7_9.x86_64",
"product": {
"name": "rhc-worker-script-0:0.5-1.el7_9.x86_64",
"product_id": "rhc-worker-script-0:0.5-1.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-worker-script@0.5-1.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-worker-script-0:0.5-1.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src"
},
"product_reference": "rhc-worker-script-0:0.5-1.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-worker-script-0:0.5-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
},
"product_reference": "rhc-worker-script-0:0.5-1.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-worker-script-0:0.5-1.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src"
},
"product_reference": "rhc-worker-script-0:0.5-1.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-worker-script-0:0.5-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
},
"product_reference": "rhc-worker-script-0:0.5-1.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-worker-script-0:0.5-1.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src"
},
"product_reference": "rhc-worker-script-0:0.5-1.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-worker-script-0:0.5-1.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
},
"product_reference": "rhc-worker-script-0:0.5-1.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T07:59:41+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5835"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T07:59:41+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5835"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Client-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Server-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.src",
"7Workstation-7.9.Z:rhc-worker-script-0:0.5-1.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5851
Vulnerability from csaf_redhat - Published: 2023-10-18 16:23 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: RHACS 4.1 enhancement and security update
Severity
Important
Notes
Topic: Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of RHACS 4.1.4 includes fixes for the following security vulnerabilities:
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* Various CVEs in containers for glibc security issues
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHACS 4.1.4 includes a new default policy called "Rapid Reset: Denial of Service Vulnerability in HTTP/2 Protocol". This policy alerts on deployments with images containing components that are susceptible to a Denial of Service (DoS) vulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325. This policy applies to the build or deploy life cycle stage.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.1.4 includes fixes for the following security vulnerabilities:\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* Various CVEs in containers for glibc security issues\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHACS 4.1.4 includes a new default policy called \"Rapid Reset: Denial of Service Vulnerability in HTTP/2 Protocol\". This policy alerts on deployments with images containing components that are susceptible to a Denial of Service (DoS) vulnerability for HTTP/2 servers, based on CVE-2023-44487 and CVE-2023-39325. This policy applies to the build or deploy life cycle stage.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5851",
"url": "https://access.redhat.com/errata/RHSA-2023:5851"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.1/release_notes/41-release-notes.html",
"url": "https://docs.openshift.com/acs/4.1/release_notes/41-release-notes.html"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5851.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.1 enhancement and security update",
"tracking": {
"current_release_date": "2026-06-04T17:40:53+00:00",
"generator": {
"date": "2026-06-04T17:40:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5851",
"initial_release_date": "2023-10-18T16:23:22+00:00",
"revision_history": [
{
"date": "2023-10-18T16:23:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T16:23:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.1 for RHEL 8",
"product": {
"name": "RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.1.4-8"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.1.4-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.1.4-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.1.4-8"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.1.4-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.1.4-5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.1.4-8"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.1.4-7"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.1.4-5"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.1.4-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.1.4-5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64 as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"relates_to_product_reference": "8Base-RHACS-4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x as a component of RHACS 4.1 for RHEL 8",
"product_id": "8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T16:23:22+00:00",
"details": "If you are using an earlier version of RHACS 4.1, you are advised to upgrade to patch release 4.1.4.",
"product_ids": [
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5851"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T16:23:22+00:00",
"details": "If you are using an earlier version of RHACS 4.1, you are advised to upgrade to patch release 4.1.4.",
"product_ids": [
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5851"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:01bd7d0eb01bbccaedb4bd874f9d25ec1de15b6ffa7d9afa772c633c901b4d19_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bed6dd0b095914635cc4c7492e7c7f312bc84138df4dbb63ce632835697da1eb_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-central-db-rhel8@sha256:f92672857754ee0baad0e17802ec23aa3f14e11dce65b59f60a8002a21987c75_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:192562d3cc181ff2cc14b9bf7202dd1b09c3d25c3308154d3878834c42139b8a_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:2168e357d9d8b663595aefd49434fa7b87e3dcb5dfb1aa9cceeddf656d89436f_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-rhel8@sha256:9974f6a4a1e0a9409fc5fee5addbc58ecafda1fd34231f2ac4b2972fbdbb422b_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:39b9d467f3b5fc5813fc2b2a27e187b62673817d98ce496a5f35551046110ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:6de4dae7bd8e1cae0bcf98e76380f10ce23e2d7868eac7189c5be44fb370c65b_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:ec6d6c5af603b2ca083e7a7600680e3e121daedc43c53b4c0c760463fc5e569c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:0165f336652e61518f87398d395766f408e372f1487026e6e06c5dd37e6cca24_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:2d91c9e119a9c6f69f5f6b44fd54cdb89a255a1f831c14c0346291a085cf1255_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-main-rhel8@sha256:70119ac2a99ae2b42a84f18d5dfc5a719ffd183a2c6587fd2654e17b207cbaa7_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:54e95a79b10a119472b6ef0351ff878e6a384b8e3100d25e943678bb120ed322_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:594533fdc64148e9222d6a1bfaa2ac9c912478161035b2aadb3161e6a6c7de71_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-operator-bundle@sha256:f996eaff3c93ae2a0589c038358da2932d85f7642289e6b5cc63e87af130e0f2_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:38933d28d8f623e8e421708f34a56e42cddd66b09c77b90ba7d0bab1ee10e6a6_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:564a8cbb9da8f2daab1d4163a4dfffdb2fadf87808cee3d4cc0ca210cf37801c_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-rhel8-operator@sha256:62be9d1228353bb890192444a8f79aa10afa9acf57b6fbae49e6751d4355eced_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:356142a0cef442132a39383a807ff74c6cad931071c45f44e1f7a794accf7ed1_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:ad51e30709c6b9f4350473b72eed6f0cb037f41f08c675ad7868cc70462513ae_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:e3088b93eaf3e6114ec3706f4a86cf9a1135a19b2b9274ccd5a47d4d530d5ead_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:024076d8e8f8759397d35ccf6d7e23c72e301d9ac76f9f3783802306412b6e82_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:16c06f7d13b140eace33c92e4de25080a369fb8cb07e8cd37dab1c77e20b98dc_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:6455831309117beb15181b443ca8f43c42b296798f9deaae25f5e180ef67f68e_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:505df709de90a7c86795312064564df6365d2150ee4536332c5896f767c7dd26_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:784f6bd4459fe4ba58dba416fcd4ad259ad71d15afef167d3331e43063813e0c_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f3c15fec3acb45f2b026820460c4be9b6d13fd2d5f10b0b7ddd8692971b2201b_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:86a79d36cdbdeccd47fd477ea503b859b068a168ec95c4a44c2784300c1dc036_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8ec71419eb15e2fc5300fdc7bcab0422bd0c467d718a0a37568b80df4272a0ff_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-rhel8@sha256:949cea90dd61fa675970dc2b6e2cbf7059a3095a8e679e6de8d30cac34ee2d51_s390x",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70114bb8763ef837426eb11929134ba804f70ccfe4f54eda180eb754c465ad63_ppc64le",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:70ea0eb9f752ea313bbfcc6248c12e9e3569df023c2a88ec07305579d8ffd1bc_amd64",
"8Base-RHACS-4.1:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:ce07a0fffd33647940720096d75329a6c857e49ae9ce7fc8358ad0c33adf1a4c_s390x"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5863
Vulnerability from csaf_redhat - Published: 2023-10-18 23:01 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: grafana security update
Severity
Moderate
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB.\n\nSecurity Fix(es):\n\n* grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5863",
"url": "https://access.redhat.com/errata/RHSA-2023:5863"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5863.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-06-04T17:40:53+00:00",
"generator": {
"date": "2026-06-04T17:40:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5863",
"initial_release_date": "2023-10-18T23:01:34+00:00",
"revision_history": [
{
"date": "2023-10-18T23:01:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T23:01:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-5.el8_8.src",
"product": {
"name": "grafana-0:7.5.15-5.el8_8.src",
"product_id": "grafana-0:7.5.15-5.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-5.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-5.el8_8.aarch64",
"product": {
"name": "grafana-0:7.5.15-5.el8_8.aarch64",
"product_id": "grafana-0:7.5.15-5.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-5.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"product": {
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"product_id": "grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-5.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-5.el8_8.ppc64le",
"product": {
"name": "grafana-0:7.5.15-5.el8_8.ppc64le",
"product_id": "grafana-0:7.5.15-5.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-5.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"product": {
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"product_id": "grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-5.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-5.el8_8.x86_64",
"product": {
"name": "grafana-0:7.5.15-5.el8_8.x86_64",
"product_id": "grafana-0:7.5.15-5.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-5.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.x86_64",
"product": {
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.x86_64",
"product_id": "grafana-debuginfo-0:7.5.15-5.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-5.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-5.el8_8.s390x",
"product": {
"name": "grafana-0:7.5.15-5.el8_8.s390x",
"product_id": "grafana-0:7.5.15-5.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-5.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"product": {
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"product_id": "grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-5.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-5.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64"
},
"product_reference": "grafana-0:7.5.15-5.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-5.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le"
},
"product_reference": "grafana-0:7.5.15-5.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-5.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x"
},
"product_reference": "grafana-0:7.5.15-5.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-5.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src"
},
"product_reference": "grafana-0:7.5.15-5.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-5.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64"
},
"product_reference": "grafana-0:7.5.15-5.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64"
},
"product_reference": "grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le"
},
"product_reference": "grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x"
},
"product_reference": "grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-5.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.5.15-5.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T23:01:34+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5863"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T23:01:34+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5863"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-0:7.5.15-5.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:grafana-debuginfo-0:7.5.15-5.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5864
Vulnerability from csaf_redhat - Published: 2023-10-18 22:56 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: grafana security update
Severity
Moderate
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB.\n\nSecurity Fix(es):\n\n* grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5864",
"url": "https://access.redhat.com/errata/RHSA-2023:5864"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5864.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-06-04T17:40:54+00:00",
"generator": {
"date": "2026-06-04T17:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5864",
"initial_release_date": "2023-10-18T22:56:50+00:00",
"revision_history": [
{
"date": "2023-10-18T22:56:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T22:56:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-4.el8_6.src",
"product": {
"name": "grafana-0:7.5.11-4.el8_6.src",
"product_id": "grafana-0:7.5.11-4.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-4.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-4.el8_6.aarch64",
"product": {
"name": "grafana-0:7.5.11-4.el8_6.aarch64",
"product_id": "grafana-0:7.5.11-4.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-4.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"product": {
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"product_id": "grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.11-4.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-4.el8_6.ppc64le",
"product": {
"name": "grafana-0:7.5.11-4.el8_6.ppc64le",
"product_id": "grafana-0:7.5.11-4.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-4.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"product": {
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"product_id": "grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.11-4.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-4.el8_6.x86_64",
"product": {
"name": "grafana-0:7.5.11-4.el8_6.x86_64",
"product_id": "grafana-0:7.5.11-4.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-4.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.x86_64",
"product": {
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.x86_64",
"product_id": "grafana-debuginfo-0:7.5.11-4.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.11-4.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-4.el8_6.s390x",
"product": {
"name": "grafana-0:7.5.11-4.el8_6.s390x",
"product_id": "grafana-0:7.5.11-4.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-4.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"product": {
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"product_id": "grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.11-4.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-4.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64"
},
"product_reference": "grafana-0:7.5.11-4.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-4.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le"
},
"product_reference": "grafana-0:7.5.11-4.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-4.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x"
},
"product_reference": "grafana-0:7.5.11-4.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-4.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src"
},
"product_reference": "grafana-0:7.5.11-4.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-4.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64"
},
"product_reference": "grafana-0:7.5.11-4.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64"
},
"product_reference": "grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le"
},
"product_reference": "grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x"
},
"product_reference": "grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.11-4.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.5.11-4.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T22:56:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5864"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T22:56:50+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5864"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.src",
"AppStream-8.6.0.Z.EUS:grafana-0:7.5.11-4.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:grafana-debuginfo-0:7.5.11-4.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5865
Vulnerability from csaf_redhat - Published: 2023-10-18 22:55 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: grafana security update
Severity
Moderate
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB.\n\nSecurity Fix(es):\n\n* grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5865",
"url": "https://access.redhat.com/errata/RHSA-2023:5865"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5865.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-06-04T17:40:55+00:00",
"generator": {
"date": "2026-06-04T17:40:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5865",
"initial_release_date": "2023-10-18T22:55:59+00:00",
"revision_history": [
{
"date": "2023-10-18T22:55:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T22:55:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.3.6-6.el8_4.src",
"product": {
"name": "grafana-0:7.3.6-6.el8_4.src",
"product_id": "grafana-0:7.3.6-6.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.3.6-6.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.3.6-6.el8_4.x86_64",
"product": {
"name": "grafana-0:7.3.6-6.el8_4.x86_64",
"product_id": "grafana-0:7.3.6-6.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.3.6-6.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"product": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"product_id": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.3.6-6.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.3.6-6.el8_4.aarch64",
"product": {
"name": "grafana-0:7.3.6-6.el8_4.aarch64",
"product_id": "grafana-0:7.3.6-6.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.3.6-6.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"product": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"product_id": "grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.3.6-6.el8_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.3.6-6.el8_4.ppc64le",
"product": {
"name": "grafana-0:7.3.6-6.el8_4.ppc64le",
"product_id": "grafana-0:7.3.6-6.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.3.6-6.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"product": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"product_id": "grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.3.6-6.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.3.6-6.el8_4.s390x",
"product": {
"name": "grafana-0:7.3.6-6.el8_4.s390x",
"product_id": "grafana-0:7.3.6-6.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.3.6-6.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"product": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"product_id": "grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.3.6-6.el8_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64"
},
"product_reference": "grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le"
},
"product_reference": "grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x"
},
"product_reference": "grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.3.6-6.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64"
},
"product_reference": "grafana-0:7.3.6-6.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T22:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5865"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T22:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5865"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.AUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.E4S:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.src",
"AppStream-8.4.0.Z.TUS:grafana-0:7.3.6-6.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:grafana-debuginfo-0:7.3.6-6.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5866
Vulnerability from csaf_redhat - Published: 2023-10-18 22:54 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: grafana security update
Severity
Moderate
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB.\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5866",
"url": "https://access.redhat.com/errata/RHSA-2023:5866"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5866.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-06-04T17:40:55+00:00",
"generator": {
"date": "2026-06-04T17:40:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5866",
"initial_release_date": "2023-10-18T22:54:48+00:00",
"revision_history": [
{
"date": "2023-10-18T22:54:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T22:54:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-6.el9_0.src",
"product": {
"name": "grafana-0:7.5.11-6.el9_0.src",
"product_id": "grafana-0:7.5.11-6.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-6.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-6.el9_0.aarch64",
"product": {
"name": "grafana-0:7.5.11-6.el9_0.aarch64",
"product_id": "grafana-0:7.5.11-6.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-6.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"product": {
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"product_id": "grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.11-6.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-6.el9_0.ppc64le",
"product": {
"name": "grafana-0:7.5.11-6.el9_0.ppc64le",
"product_id": "grafana-0:7.5.11-6.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-6.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"product": {
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"product_id": "grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.11-6.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-6.el9_0.x86_64",
"product": {
"name": "grafana-0:7.5.11-6.el9_0.x86_64",
"product_id": "grafana-0:7.5.11-6.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-6.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.x86_64",
"product": {
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.x86_64",
"product_id": "grafana-debuginfo-0:7.5.11-6.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.11-6.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.11-6.el9_0.s390x",
"product": {
"name": "grafana-0:7.5.11-6.el9_0.s390x",
"product_id": "grafana-0:7.5.11-6.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.11-6.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"product": {
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"product_id": "grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.11-6.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64"
},
"product_reference": "grafana-0:7.5.11-6.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le"
},
"product_reference": "grafana-0:7.5.11-6.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x"
},
"product_reference": "grafana-0:7.5.11-6.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-6.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src"
},
"product_reference": "grafana-0:7.5.11-6.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.11-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64"
},
"product_reference": "grafana-0:7.5.11-6.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64"
},
"product_reference": "grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le"
},
"product_reference": "grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x"
},
"product_reference": "grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.11-6.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.5.11-6.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T22:54:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5866"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T22:54:48+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5866"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.src",
"AppStream-9.0.0.Z.EUS:grafana-0:7.5.11-6.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:grafana-debuginfo-0:7.5.11-6.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5867
Vulnerability from csaf_redhat - Published: 2023-10-18 22:59 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: grafana security update
Severity
Moderate
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5867",
"url": "https://access.redhat.com/errata/RHSA-2023:5867"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5867.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-06-04T17:40:55+00:00",
"generator": {
"date": "2026-06-04T17:40:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5867",
"initial_release_date": "2023-10-18T22:59:29+00:00",
"revision_history": [
{
"date": "2023-10-18T22:59:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-18T22:59:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-4.el9_2.src",
"product": {
"name": "grafana-0:9.0.9-4.el9_2.src",
"product_id": "grafana-0:9.0.9-4.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-4.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-4.el9_2.aarch64",
"product": {
"name": "grafana-0:9.0.9-4.el9_2.aarch64",
"product_id": "grafana-0:9.0.9-4.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-4.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"product": {
"name": "grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"product_id": "grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-4.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"product": {
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"product_id": "grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-4.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-4.el9_2.ppc64le",
"product": {
"name": "grafana-0:9.0.9-4.el9_2.ppc64le",
"product_id": "grafana-0:9.0.9-4.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-4.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"product": {
"name": "grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"product_id": "grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-4.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"product": {
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"product_id": "grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-4.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-4.el9_2.x86_64",
"product": {
"name": "grafana-0:9.0.9-4.el9_2.x86_64",
"product_id": "grafana-0:9.0.9-4.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-4.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.0.9-4.el9_2.x86_64",
"product": {
"name": "grafana-debugsource-0:9.0.9-4.el9_2.x86_64",
"product_id": "grafana-debugsource-0:9.0.9-4.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-4.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"product": {
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"product_id": "grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-4.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.0.9-4.el9_2.s390x",
"product": {
"name": "grafana-0:9.0.9-4.el9_2.s390x",
"product_id": "grafana-0:9.0.9-4.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.0.9-4.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"product": {
"name": "grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"product_id": "grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.0.9-4.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"product": {
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"product_id": "grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.0.9-4.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-4.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64"
},
"product_reference": "grafana-0:9.0.9-4.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-4.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le"
},
"product_reference": "grafana-0:9.0.9-4.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-4.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x"
},
"product_reference": "grafana-0:9.0.9-4.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-4.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src"
},
"product_reference": "grafana-0:9.0.9-4.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.0.9-4.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64"
},
"product_reference": "grafana-0:9.0.9-4.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64"
},
"product_reference": "grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le"
},
"product_reference": "grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x"
},
"product_reference": "grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.0.9-4.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64"
},
"product_reference": "grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.0.9-4.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64"
},
"product_reference": "grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.0.9-4.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le"
},
"product_reference": "grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.0.9-4.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x"
},
"product_reference": "grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.0.9-4.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
},
"product_reference": "grafana-debugsource-0:9.0.9-4.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T22:59:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5867"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-18T22:59:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5867"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debuginfo-0:9.0.9-4.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:grafana-debugsource-0:9.0.9-4.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5895
Vulnerability from csaf_redhat - Published: 2023-10-25 00:59 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: OpenShift Container Platform 4.12.40 security and extras update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.40. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:5896
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
149 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le | — |
Workaround
|
Threats
Impact
Important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.40. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:5896\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5895",
"url": "https://access.redhat.com/errata/RHSA-2023:5895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5895.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.12.40 security and extras update",
"tracking": {
"current_release_date": "2026-06-04T17:40:55+00:00",
"generator": {
"date": "2026-06-04T17:40:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5895",
"initial_release_date": "2023-10-25T00:59:06+00:00",
"revision_history": [
{
"date": "2023-10-25T00:59:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-25T00:59:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64",
"product": {
"name": "openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64",
"product_id": "openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.12.0-202310170157.p0.ge8e0600.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64",
"product": {
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64",
"product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.12.0-202310170157.p0.g3ce7998.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product": {
"name": "openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product_id": "openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product_id": "openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy-rhel8\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product_id": "openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/cloud-event-proxy-rhel8\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64",
"product": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64",
"product_id": "openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.12.0-202310170157.p0.g3d08a74.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64",
"product": {
"name": "openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64",
"product_id": "openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/dpu-network-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gbc123b4.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64",
"product": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64",
"product_id": "openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.12.0-202310170157.p0.g6f976ac.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64",
"product": {
"name": "openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64",
"product_id": "openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall\u0026tag=v4.12.0-202310170157.p0.g3c81f59.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64",
"product": {
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64",
"product_id": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.g3c81f59.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64",
"product": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64",
"product_id": "openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64",
"product": {
"name": "openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64",
"product_id": "openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64",
"product": {
"name": "openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64",
"product_id": "openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.12.0-202310170157.p0.g5e2696b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64",
"product": {
"name": "openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64",
"product_id": "openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64",
"product_id": "openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.12.0-202310170157.p0.g834db11.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64",
"product": {
"name": "openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64",
"product_id": "openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64",
"product": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64",
"product_id": "openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64",
"product": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64",
"product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel8\u0026tag=v4.12.0-202310170157.p0.gf83501a.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64",
"product": {
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64",
"product_id": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-aws-efs-csi-driver-container-rhel8\u0026tag=v4.12.0-202310170157.p0.ge59aa10.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64",
"product": {
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64",
"product_id": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ge755d4c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gda308c7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.12.0-202310170157.p0.gda308c7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.12.0-202310170157.p0.g4cd14c4.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.g9df3229.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64",
"product": {
"name": "openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64",
"product_id": "openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-contour-rhel8\u0026tag=v4.12.0-202310170157.p0.g45e9b62.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64",
"product_id": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8\u0026tag=v4.12.0-202310170157.p0.g20cffc0.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8\u0026tag=v4.12.0-202310170157.p0.g390c723.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ga8765cd.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64",
"product": {
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64",
"product_id": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gf83501a.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64",
"product": {
"name": "openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64",
"product_id": "openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.12.0-202310170157.p0.g61e1363.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64",
"product": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64",
"product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"product": {
"name": "openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"product_id": "openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel8\u0026tag=v4.12.0-202310170157.p0.ga1883ad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"product": {
"name": "openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"product_id": "openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-tech-preview/metallb-rhel8\u0026tag=v4.12.0-202310170157.p0.ga1883ad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64",
"product": {
"name": "openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64",
"product_id": "openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ge40db5b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64",
"product": {
"name": "openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64",
"product_id": "openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.12.0-202310170157.p0.g9b88ec5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.12.0-202310170157.p0.g6ab8e62.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ga64bda3.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64",
"product": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64",
"product_id": "openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.12.0-202310170157.p0.g9b88ec5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64",
"product": {
"name": "openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64",
"product_id": "openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.12.0-202310170157.p0.g295fe45.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64",
"product": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64",
"product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.12.0-202310170157.p0.g257b2c5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64",
"product": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64",
"product_id": "openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64",
"product": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64",
"product_id": "openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.12.0-202310170157.p0.g851a66b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64",
"product": {
"name": "openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64",
"product_id": "openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64",
"product": {
"name": "openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64",
"product_id": "openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x",
"product": {
"name": "openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x",
"product_id": "openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.12.0-202310170157.p0.ge8e0600.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x",
"product": {
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x",
"product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.12.0-202310170157.p0.g3ce7998.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x",
"product": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x",
"product_id": "openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.12.0-202310170157.p0.g3d08a74.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x",
"product": {
"name": "openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x",
"product_id": "openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall\u0026tag=v4.12.0-202310170157.p0.g3c81f59.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x",
"product": {
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x",
"product_id": "openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.g3c81f59.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x",
"product": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x",
"product_id": "openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x",
"product": {
"name": "openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x",
"product_id": "openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x",
"product": {
"name": "openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x",
"product_id": "openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.12.0-202310170157.p0.g5e2696b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x",
"product": {
"name": "openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x",
"product_id": "openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x",
"product_id": "openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.12.0-202310170157.p0.g834db11.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x",
"product": {
"name": "openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x",
"product_id": "openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x",
"product": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x",
"product_id": "openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x",
"product": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x",
"product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel8\u0026tag=v4.12.0-202310170157.p0.gf83501a.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gda308c7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.12.0-202310170157.p0.gda308c7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.12.0-202310170157.p0.g4cd14c4.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.g9df3229.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x",
"product": {
"name": "openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x",
"product_id": "openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-contour-rhel8\u0026tag=v4.12.0-202310170157.p0.g45e9b62.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x",
"product_id": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8\u0026tag=v4.12.0-202310170157.p0.g20cffc0.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x",
"product": {
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x",
"product_id": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gf83501a.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x",
"product": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x",
"product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"product": {
"name": "openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"product_id": "openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel8\u0026tag=v4.12.0-202310170157.p0.ga1883ad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"product": {
"name": "openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"product_id": "openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-tech-preview/metallb-rhel8\u0026tag=v4.12.0-202310170157.p0.ga1883ad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x",
"product": {
"name": "openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x",
"product_id": "openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ge40db5b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.12.0-202310170157.p0.g6ab8e62.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ga64bda3.assembly.stream"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64",
"product": {
"name": "openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64",
"product_id": "openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.12.0-202310170157.p0.ge8e0600.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64",
"product": {
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64",
"product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.12.0-202310170157.p0.g3ce7998.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product": {
"name": "openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product_id": "openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product_id": "openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy-rhel8\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product_id": "openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/cloud-event-proxy-rhel8\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64",
"product": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64",
"product_id": "openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.12.0-202310170157.p0.g3d08a74.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64",
"product": {
"name": "openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64",
"product_id": "openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/dpu-network-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gbc123b4.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64",
"product": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64",
"product_id": "openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.12.0-202310170157.p0.g6f976ac.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64",
"product": {
"name": "openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64",
"product_id": "openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall\u0026tag=v4.12.0-202310170157.p0.g3c81f59.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64",
"product": {
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64",
"product_id": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.g3c81f59.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64",
"product": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64",
"product_id": "openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64",
"product": {
"name": "openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64",
"product_id": "openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64",
"product": {
"name": "openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64",
"product_id": "openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.12.0-202310170157.p0.g5e2696b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64",
"product": {
"name": "openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64",
"product_id": "openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64",
"product_id": "openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.12.0-202310170157.p0.g834db11.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64",
"product": {
"name": "openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64",
"product_id": "openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64",
"product": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64",
"product_id": "openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64",
"product": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64",
"product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel8\u0026tag=v4.12.0-202310170157.p0.gf83501a.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64",
"product": {
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64",
"product_id": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-aws-efs-csi-driver-container-rhel8\u0026tag=v4.12.0-202310170157.p0.ge59aa10.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64",
"product": {
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64",
"product_id": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ge755d4c.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gda308c7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.12.0-202310170157.p0.gda308c7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.12.0-202310170157.p0.g4cd14c4.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.g9df3229.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64",
"product": {
"name": "openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64",
"product_id": "openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-contour-rhel8\u0026tag=v4.12.0-202310170157.p0.g45e9b62.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64",
"product_id": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8\u0026tag=v4.12.0-202310170157.p0.g20cffc0.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64",
"product": {
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64",
"product_id": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gf83501a.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64",
"product": {
"name": "openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64",
"product_id": "openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.12.0-202310170157.p0.g61e1363.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64",
"product": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64",
"product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"product": {
"name": "openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"product_id": "openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel8\u0026tag=v4.12.0-202310170157.p0.ga1883ad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"product": {
"name": "openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"product_id": "openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07?arch=arm64\u0026repository_url=registry.redhat.io/openshift-tech-preview/metallb-rhel8\u0026tag=v4.12.0-202310170157.p0.ga1883ad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64",
"product": {
"name": "openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64",
"product_id": "openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ge40db5b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64",
"product": {
"name": "openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64",
"product_id": "openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.12.0-202310170157.p0.g9b88ec5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.12.0-202310170157.p0.g6ab8e62.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ga64bda3.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64",
"product": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64",
"product_id": "openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.12.0-202310170157.p0.g9b88ec5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64",
"product": {
"name": "openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64",
"product_id": "openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.12.0-202310170157.p0.g295fe45.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64",
"product": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64",
"product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.12.0-202310170157.p0.g257b2c5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64",
"product": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64",
"product_id": "openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64",
"product": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64",
"product_id": "openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.12.0-202310170157.p0.g851a66b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64",
"product": {
"name": "openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64",
"product_id": "openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64",
"product": {
"name": "openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64",
"product_id": "openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee?arch=arm64\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le",
"product": {
"name": "openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le",
"product_id": "openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-descheduler\u0026tag=v4.12.0-202310170157.p0.ge8e0600.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le",
"product": {
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le",
"product_id": "openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-node-problem-detector-rhel8\u0026tag=v4.12.0-202310170157.p0.g3ce7998.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product": {
"name": "openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product_id": "openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product_id": "openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cloud-event-proxy-rhel8\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product_id": "openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/cloud-event-proxy-rhel8\u0026tag=v4.12.0-202310170157.p0.g23ad6e2.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le",
"product": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le",
"product_id": "openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-nfd-operator\u0026tag=v4.12.0-202310170157.p0.g3d08a74.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le",
"product": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le",
"product_id": "openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-infiniband-cni\u0026tag=v4.12.0-202310170157.p0.g6f976ac.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le",
"product": {
"name": "openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le",
"product_id": "openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall\u0026tag=v4.12.0-202310170157.p0.g3c81f59.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le",
"product": {
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le",
"product_id": "openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ingress-node-firewall-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.g3c81f59.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le",
"product": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le",
"product_id": "openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-diskmaker\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le",
"product": {
"name": "openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le",
"product_id": "openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-operator\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le",
"product": {
"name": "openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le",
"product_id": "openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-node-feature-discovery\u0026tag=v4.12.0-202310170157.p0.g5e2696b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le",
"product": {
"name": "openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le",
"product_id": "openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ansible-operator\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le",
"product": {
"name": "openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le",
"product_id": "openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-capacity\u0026tag=v4.12.0-202310170157.p0.g834db11.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le",
"product": {
"name": "openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le",
"product_id": "openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-helm-operator\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le",
"product": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le",
"product_id": "openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-operator-sdk-rhel8\u0026tag=v4.12.0-202310170157.p0.ge11bcad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le",
"product": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le",
"product_id": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel8\u0026tag=v4.12.0-202310170157.p0.gf83501a.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gda308c7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"product": {
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"product_id": "openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-kube-descheduler-operator\u0026tag=v4.12.0-202310170157.p0.gda308c7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8\u0026tag=v4.12.0-202310170157.p0.g4cd14c4.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le",
"product": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le",
"product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-clusterresourceoverride-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.g9df3229.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le",
"product": {
"name": "openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le",
"product_id": "openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-contour-rhel8\u0026tag=v4.12.0-202310170157.p0.g45e9b62.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le",
"product": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le",
"product_id": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-csi-driver-shared-resource-mustgather-rhel8\u0026tag=v4.12.0-202310170157.p0.g20cffc0.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8\u0026tag=v4.12.0-202310170157.p0.g390c723.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le",
"product": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le",
"product_id": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-gcp-filestore-csi-driver-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ga8765cd.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le",
"product": {
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le",
"product_id": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/kubernetes-nmstate-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.gf83501a.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le",
"product": {
"name": "openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le",
"product_id": "openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ptp\u0026tag=v4.12.0-202310170157.p0.g61e1363.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le",
"product": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le",
"product_id": "openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-local-storage-mustgather-rhel8\u0026tag=v4.12.0-202310170157.p0.gbc3f9b7.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"product": {
"name": "openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"product_id": "openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel8\u0026tag=v4.12.0-202310170157.p0.ga1883ad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"product": {
"name": "openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"product_id": "openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-tech-preview/metallb-rhel8\u0026tag=v4.12.0-202310170157.p0.ga1883ad.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le",
"product": {
"name": "openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le",
"product_id": "openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/metallb-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ge40db5b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le",
"product": {
"name": "openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le",
"product_id": "openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-ptp-operator\u0026tag=v4.12.0-202310170157.p0.g9b88ec5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8\u0026tag=v4.12.0-202310170157.p0.g6ab8e62.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le",
"product": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le",
"product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel8-operator\u0026tag=v4.12.0-202310170157.p0.ga64bda3.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le",
"product": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le",
"product_id": "openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ptp-must-gather-rhel8\u0026tag=v4.12.0-202310170157.p0.g9b88ec5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le",
"product": {
"name": "openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le",
"product_id": "openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-cni\u0026tag=v4.12.0-202310170157.p0.g295fe45.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le",
"product": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le",
"product_id": "openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-dp-admission-controller\u0026tag=v4.12.0-202310170157.p0.g257b2c5.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le",
"product": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le",
"product_id": "openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-config-daemon\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le",
"product": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le",
"product_id": "openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-device-plugin\u0026tag=v4.12.0-202310170157.p0.g851a66b.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le",
"product": {
"name": "openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le",
"product_id": "openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-operator\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
},
{
"category": "product_version",
"name": "openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le",
"product": {
"name": "openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le",
"product_id": "openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-sriov-network-webhook\u0026tag=v4.12.0-202310170157.p0.g8061602.assembly.stream"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le"
},
"product_reference": "openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64"
},
"product_reference": "openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x"
},
"product_reference": "openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64"
},
"product_reference": "openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64"
},
"product_reference": "openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le"
},
"product_reference": "openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64"
},
"product_reference": "openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64"
},
"product_reference": "openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64"
},
"product_reference": "openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le"
},
"product_reference": "openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64"
},
"product_reference": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64"
},
"product_reference": "openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x"
},
"product_reference": "openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le"
},
"product_reference": "openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64"
},
"product_reference": "openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64"
},
"product_reference": "openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x"
},
"product_reference": "openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64"
},
"product_reference": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64"
},
"product_reference": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x"
},
"product_reference": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le"
},
"product_reference": "openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64"
},
"product_reference": "openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le"
},
"product_reference": "openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x"
},
"product_reference": "openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64"
},
"product_reference": "openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le"
},
"product_reference": "openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64"
},
"product_reference": "openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x"
},
"product_reference": "openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64"
},
"product_reference": "openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64"
},
"product_reference": "openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64"
},
"product_reference": "openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le"
},
"product_reference": "openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x"
},
"product_reference": "openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64"
},
"product_reference": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64"
},
"product_reference": "openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64"
},
"product_reference": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64"
},
"product_reference": "openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64"
},
"product_reference": "openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le"
},
"product_reference": "openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64"
},
"product_reference": "openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64"
},
"product_reference": "openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le"
},
"product_reference": "openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64"
},
"product_reference": "openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64"
},
"product_reference": "openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le"
},
"product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le"
},
"product_reference": "openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x"
},
"product_reference": "openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64"
},
"product_reference": "openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64"
},
"product_reference": "openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le"
},
"product_reference": "openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le"
},
"product_reference": "openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64"
},
"product_reference": "openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x"
},
"product_reference": "openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64"
},
"product_reference": "openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le"
},
"product_reference": "openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64"
},
"product_reference": "openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64"
},
"product_reference": "openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x"
},
"product_reference": "openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le"
},
"product_reference": "openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64"
},
"product_reference": "openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le"
},
"product_reference": "openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64"
},
"product_reference": "openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64"
},
"product_reference": "openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x"
},
"product_reference": "openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le"
},
"product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64"
},
"product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64"
},
"product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x"
},
"product_reference": "openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64"
},
"product_reference": "openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le"
},
"product_reference": "openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x"
},
"product_reference": "openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64"
},
"product_reference": "openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64"
},
"product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le"
},
"product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64"
},
"product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x"
},
"product_reference": "openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64"
},
"product_reference": "openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x"
},
"product_reference": "openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64"
},
"product_reference": "openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le"
},
"product_reference": "openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le"
},
"product_reference": "openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64"
},
"product_reference": "openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x"
},
"product_reference": "openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64"
},
"product_reference": "openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64"
},
"product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le"
},
"product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64"
},
"product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x"
},
"product_reference": "openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x"
},
"product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64"
},
"product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64"
},
"product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le"
},
"product_reference": "openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le"
},
"product_reference": "openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64"
},
"product_reference": "openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64"
},
"product_reference": "openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le"
},
"product_reference": "openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64"
},
"product_reference": "openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64"
},
"product_reference": "openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le"
},
"product_reference": "openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64"
},
"product_reference": "openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64"
},
"product_reference": "openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64"
},
"product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le"
},
"product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64"
},
"product_reference": "openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64"
},
"product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le"
},
"product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64"
},
"product_reference": "openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64"
},
"product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le"
},
"product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64"
},
"product_reference": "openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le"
},
"product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64"
},
"product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64"
},
"product_reference": "openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64"
},
"product_reference": "openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le"
},
"product_reference": "openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64"
},
"product_reference": "openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64"
},
"product_reference": "openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le"
},
"product_reference": "openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64"
},
"product_reference": "openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le"
},
"product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64"
},
"product_reference": "openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64"
},
"product_reference": "openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64",
"relates_to_product_reference": "8Base-RHOSE-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le"
},
"product_reference": "openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le",
"relates_to_product_reference": "8Base-RHOSE-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64",
"8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le"
],
"known_not_affected": [
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64",
"8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-25T00:59:06+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html",
"product_ids": [
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5895"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64",
"8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"8Base-RHOSE-4.12:openshift-tech-preview/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64",
"8Base-RHOSE-4.12:openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:72cf77954e8a4946961bd20c7b05398f9c99ae15ddde1aca9dfe6eb442b12022_ppc64le",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a1199349c9f7321b67ec73a3bb7ec8eb02c1892fa8ff60d135c9957a48b1aa7d_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:a2101864a1bdef883ff6493642870fecbe91b0e31ea57a36f918523ec552213b_amd64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall-rhel8-operator@sha256:e723f8ef299deb977eabc5b96adf6f2d1dd37f5a892d338c56bef95bc6f8fd8c_s390x",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:7fa41d4dc5d21f6970e55374a0d3c1d1a1d1e70b802538bae0067add8d17fb2d_arm64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:81c28fa0f67121b63c30f263b287c31dfa63d781226b2c2da6151551fadc2b6f_amd64",
"8Base-RHOSE-4.12:openshift4/ingress-node-firewall@sha256:b98d3493fe884eade42907b7d61a34d56e4da206d5211710862ea7a9b01052db_s390x",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:108683934e0081dd2b47d45b8645da0597e801d6393e0275bba60e557df22118_amd64",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:46e5e9c1a0de429ce010c8413c436b65db487b901559a31ec12d7ad5ac285ee9_arm64",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:780bf0296dfeb56ea236682bde3a200953f52ffc4a7806e57a1b2a9907edc6a0_s390x",
"8Base-RHOSE-4.12:openshift4/kubernetes-nmstate-rhel8-operator@sha256:ed4b83ea6860722a34422419763d8181cc2729c2c66e113e42b004f788715789_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8a7ff91387a533b4727278f654260f37031a9f25bd8e020e9cc6b8801d2e53ef_amd64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:8d27e611fdef663f48d1210f3c79861207cd3022c45e6a0b9024783fd3cdfbef_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8-operator@sha256:d017795ad6e97fbfbc4e63c212bb3df8fd253e7fe67e0764571be242e8a67bd6_arm64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:1a93529f75771c9f387697acb6f7be99df01694d9adc255301fe9bc75221d3ef_ppc64le",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:d3bdd7df1934e0f8facacd04e636fcd76bedf98ca7db5d7d24c30d0b0887680e_s390x",
"8Base-RHOSE-4.12:openshift4/metallb-rhel8@sha256:f23ca252b6e8ffbff4b7556a99aa193b254348f8735dcc21e68e5145e0b6aa07_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:30ef56694e5cf07818c01dde16463a65133effbc045006a74479e34fcefbde70_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:4a623730a2f43a50069d6f4f60e8c91198608852cf52c61aa3a25c111fcdce42_amd64",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:cadb8a46c39d49156600b973e280bd303d6f9050bd06b5a42b77d87e739c74e4_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ansible-operator@sha256:e98cc3ff99e6b1040ffb579e6bb581a02101cb9935ac2a5a69245d3eb8e9773d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:478a6fb62e9a5621cd26fc866aef1a0024164b42b37de80714b8e2dd6a366ca5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:fbc73cd2015b3623070742fe31df0f41db5a131e5648d65693b1e976c2f5bc6f_amd64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:7d56e3582f381267397503a4410811d20f8b8fe9500423dd281d92bc740951b4_amd64",
"8Base-RHOSE-4.12:openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:ea669ecbf3fbda745413e79ba33a9d4e71585e0ba8665f200eb0e9a5b8226b9d_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:431482eb58ccfa9795a5750cf74efa63fbcfd1a7594dd66a1b81a0d3b568c217_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:a6022d35a6475e902280dcfb5874ba4be8c196927d481a8c1e27cabbb87c1dbd_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cloud-event-proxy@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:102b294d1a9965c935a74a7eaae9f2e7be4d747bdba1f9860206fb231e057ee3_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:3c0479d783c92f1ebeb9a1fa6201fdb84c594a1ca4412eb095a297ce5c2aa35d_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:268b04348261a217d94e47d8d0e991df849d61ae3bf316928e46b07793a5d5e5_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:63559521c3fd08b0f93fb38fabf6a571459370f6e7135ab63fce64e7c72e0791_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:d8313e2b50118faf522c77b7b008a39e43603f547fd832ccf2b83041643ebcd6_amd64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:fd448c20978cf6a5013f2c520a500a19ac3ca4b1a0a64ef7eead2c6ba8af6a23_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4382fb0818dd63af22b8fc8fc5cfb614be6f7ea8ea5ced779a528f7c47175880_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:4a15d356228a39cca0126c3df8b30fc2bcbd89e95f1bb24d67c342e01011840d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:ba7a52e143b77cf3f1972da8cc02ab5587d0dff77b8e975c522a0fc9f05d59a2_arm64",
"8Base-RHOSE-4.12:openshift4/ose-cluster-nfd-operator@sha256:baf8938374b42f94b453d751edde90e77cc96f33bdbec91e32011f31368903a7_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:020f16bc6aeaaaf6dcb3feee17fdddf7ccc9b98ea5c8a848dc97f486aeb90631_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:22f013044a290eb8810cc0ecfc909c2b9fa01d74bdaea8feb82808cab28e9212_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b388f12cca8cee34bf6703c5111fa157c9cc795dacf68e089ffb45816d3dc0a7_s390x",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:f5182cd7ee2e3c2bb579e818fbc81f66298609c7c211ffa714713704be5f62fc_arm64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:12f3f2b0d1c7b2735dc7770674e6ab8141bc8936f89f8fcca2f037bd10ace649_s390x",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:c82c0e4dab2cbad793f89eb4fa612b37762afb2643432e984d07196637025108_arm64",
"8Base-RHOSE-4.12:openshift4/ose-clusterresourceoverride-rhel8@sha256:eefbf0f8bdfe24fbea91ddd415888cc3a0769d7c0875345d2089170e62dbcc5d_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:ae6d9cb81d64e8a144f48f82f5f016be2e606bc96c2fcdebb1c2551086a76ebc_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:cd33c1243171439b1ffd3d1133922fc078a093095dfb6c6b00c2c0be2c6f72da_amd64",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:e26479f66f80f84815aa411c80ed8ffc2b090fcef1bedfcce49d8f2bd41fd771_s390x",
"8Base-RHOSE-4.12:openshift4/ose-contour-rhel8@sha256:f30257831f2167be88df438a550bafd9670231ba62d04d2f403f898c64c5b013_arm64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:5b2e6d7f2775d4bb5667c9b945e045bfdaf428570fb27818c70630075c9d1f70_arm64",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:d689ec4ac0e0148633f7bca9005e82461f1951659c2da3a9bffe6038e2101095_s390x",
"8Base-RHOSE-4.12:openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:e2aaf0ab59f87f1fe2723be34e71d6d185bc378ea057e229838a2006c32bbce4_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:5f0b4815098cb9f43b5fcd40581ae93f6f6655c3a3a526aee906368f08e69874_amd64",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9253717b1bce094dbdd7d9d6af6485e7719d69aef97938c75f991f83392af4ef_arm64",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x",
"8Base-RHOSE-4.12:openshift4/ose-descheduler@sha256:c71f5f4d3f62199c89ef05cba94f805f074500dbbce33efcbb421ed9abc5be12_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9fe6a4dec159fdd43821b3180a1090dcb78609d77fbff26aacaf89c1fcae7392_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:aab06773166b0272d1d62d82d22bdf1aaf38d5c7a380ce3ff6d5ceb1d5901784_amd64",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:3d8a9e5463f9efe11182ac23ab8edcaceb3a122d78df83921483691a32ace0f6_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:65743683d8085a4361a59b85970f5d9fe0b844ade55034ea1d25e385a23ca671_amd64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:09a9fc0f3e8f11ece0143e301f29386dcc899c41f26b7b06cdc18830fcd3e535_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:65e5e849c5ef5ea84ea3c4e07739938999d8ea2ecefccd5544d8e2ca672ef46a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:89951eb78b805680d5289d65cb7c8b4a18d3342f6c51b58e48e73722edcab401_amd64",
"8Base-RHOSE-4.12:openshift4/ose-helm-operator@sha256:9859c36ad6668fa092d1023a3f75a2828b0868951fa309c44e8f431add419288_s390x",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:26f0f068bd1e22fbc3705117817bcf0aa47559aa508504eaf80a781516516d95_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:2a5e32f5ba01ca2d512ff93cc76b17d134923f85ed6241ef0818baff9f9fdf17_arm64",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:631ffa3d29931e673f45fdc427301b56a4a025cc51a32f2756d8ef31de53291f_amd64",
"8Base-RHOSE-4.12:openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:93ffc29f43f0e8a0ea41d09806e66e9d881b17817623ed74dc226fbc80403346_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:90e60cb79ebe1e989d038b2e7eabc7020c4f0d15dfc68a3b8ffa8dfe242df904_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:b4b53f3f4afa79b9a659370b8cbc2cad3116dfc0e2a3678c51147cf20cbd24d4_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-diskmaker@sha256:fca7a0479fe492e61cae73535c25e8d32a4d895761bf886e6338a484c0348fd0_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:12b4caa17dc0c6a579454a4e3204dac180e599e775952f4b42310c1c417e16a0_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:173809679d1180200d81df86c0c8d5824b65edb70253fa641784ac89d162400c_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-mustgather-rhel8@sha256:91cac5f0553d39db5db6c917895739c5aa4c7b8d6d13c7a3a5e44edc3995dd4e_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:136b1a956321aefe3f6840c284a1418c7eef97f1c01acc85195ba32492d4e227_arm64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:4b76c420c27896317fd2bcd6739221cbaa15f86dddeaf0e7615c6519e488d16f_s390x",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64",
"8Base-RHOSE-4.12:openshift4/ose-local-storage-operator@sha256:c6dd84c8fa114fd5e2cb54cd996a4aba42dee3b581a334346e5eaf8b39a3db7e_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:1c6a0888e201605df64b4a0162a21b2364baf1f781cbbacd88a2157b8a4702d8_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:3ddeb65fad850a996347bdf961879dabb1277a5d9ae300a45e87664466294d85_amd64",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:bd2b362dfb3f83a1eaf31cf852fefe7517d9272b508ef671c18c07d542c384c2_s390x",
"8Base-RHOSE-4.12:openshift4/ose-node-feature-discovery@sha256:d0223b0dbd14725bdd3529ddf690fe0ef64a3e43ccde6da44738a3264292219f_arm64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:20092764d0e33eabdeb74f73502d442d54e9b18ef69ecb84d62b7be17dc16ce4_arm64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:2eb4baac81c48822b89850e4ca02f2ecaf49dcba63dca5343a4f52587827d330_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:668985fd6b8b8c93e46e75d7fdf98b7d48b5decf897e417a8a2e46a7eb1d98fb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:1021d8e034641627457b8fc54d33d307c09f815dc5f7fc28bca44314e39c169d_s390x",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:3a5f632a8271a7ebc902eebeed596e0350c2e745b8e041cbe353f15f85df50bf_arm64",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:4e77db56f4263ffd43b5db6dbb008bcc9304103784461f79076d68cc37300b3c_amd64",
"8Base-RHOSE-4.12:openshift4/ose-operator-sdk-rhel8@sha256:c97a39e5c26080bf6ec1d0a7fdd3d5f1ca02fd063f17731ebf7d61c6086d4f07_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:58c0d0aa10dce221251d77cbcb075e231f5ebaa3aba91397fab7ccc49007e3be_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:66aae4c0b92a1594526c3fb959d0baac6a277ac88a2796be9dcb7aa4a48e18ee_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ptp-operator@sha256:e92c59a8d4e936b06cb0de3e438361c96d01cde7f1171589a88c88287d6e7ca2_amd64",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:41c58aa89e406885091d2bc777ce00e14a9a1b10ce9904db8480583f38058504_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:495c6bdf9f1ddf6ba42f160e3459afd57e163025f2b3448b4e1c486be0c1d437_arm64",
"8Base-RHOSE-4.12:openshift4/ose-ptp@sha256:943abb445ca797dd4498970a989ea9fea2289f218021f9217791b2c6f11e7204_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:475a89507d26f315689fa740c7e1732573af4593052399d492bdb33fc2fe9dd3_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:ebab320cd12116d6368e99680d8eabbd48a9552f5fb0fdafa8fe3de8dbeb3748_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-cni@sha256:f7c79c165d548816014e0d66064378e9d069cee6c0ddd353b6a370ea64a6cf9d_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:d3cd88d666e7f66c126fc2d555bc5359f5d4786521b0a874049007b7b71180b1_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ee8c0a18471ddba9929d40c14331d1a3f168ef01f4763ee85049df9c75193c18_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-dp-admission-controller@sha256:ef957e1d49d8dd4576e7ab4c2d6559d96f294452e846d1f2244dfae1f86a7e33_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-infiniband-cni@sha256:89ca5677d919fdfd9707c53fd3ab4f0555cfb85d715bbd45475aed20a29082a5_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:2629ac0c79df36ac8beec9467ad2c4963ad10c88544a2774539c0b3aad132329_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:9d23efd1b5d0d5dce268c01867ee7230b5a0a835e7e8133fc159b01fc671645a_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-config-daemon@sha256:bea03b981c6bac55ae89e42d24a49dd3876f3005beb9e4b5ea54be8248b15a45_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:18fa4a04e748adbfa1b793d98f6e8eb906852eb1e8d28d25f66297dc0d4370c9_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:5654025cb60c9c42fa0e638ef2e7a84d89bdf5cfefb8a25ab162687bda8adcb6_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:44ffe87e64a9e73fdb4fabe6d59aa06e802216cda0ee76c06170fdeb7014b82e_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:762ba98cffdce6dd5e9362e944bccc19b866d1b7feaf622f80351e52ce2a6caf_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-operator@sha256:af60d3aa0ad2d4c7db1e5d0b37ffe1e48887ee9e32b937c3605e396a8e0c5b8e_amd64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:7c93705cc65a1575a2d8e775860a032845f09c9014ea22d7d60a644cc7215fee_arm64",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:a68b81fa4f1a32c36a8e4496c037f8e4545b38afdd0f0d226307db3f94463c6e_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-sriov-network-webhook@sha256:cbcc16844ae0319de243aaf1a5a1144f184e33b35e038fcc030ff5f0a4505d2e_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:90ad52c3f906026e9c5576559fec7541bec9a3159690f98990a225f7b45bfe5e_arm64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bd890d83f7ae835728de79196793adffaf2d19f00141322ac490877c6d0fe873_s390x",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:d85fce19b44c97f8711ea209b6ffa0763d5bbb496053189685a859477d5d81f0_ppc64le",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:e54b54d3821392f09f3a19bae19b93434dfad6327e8aa910a293ce8eeb6661bb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:2882b66ef1e76d922697e45ce2c2d7d2cb610894d0291538b816f456d2c46950_s390x",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:c799e7fcecfbc2e2ef573c2c885d88ced5a39f0a15016a927ddb4f5ef6d6299a_arm64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:dffd809542c7760bdf7472627559c49fee48f047504c2e6c3b9f38ecf8baa4bb_amd64",
"8Base-RHOSE-4.12:openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:f723dafd371cbc77bcb92c6dd323bcf9b26880b50a01718ec2a6345b57f75199_ppc64le",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:281b0039a3814d7b49ccdb26c1a94b2067219cd38aad5d757f9b92867c59312e_amd64",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64",
"8Base-RHOSE-4.12:openshift4/ptp-must-gather-rhel8@sha256:a3886ce4ebb9d7782b19c6f17791df9d8dfcd0a1ea6558a2b1c597d4a400384a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
}
]
}
RHSA-2023:5931
Vulnerability from csaf_redhat - Published: 2023-10-19 13:15 - Updated: 2026-06-04 17:40Summary
Red Hat Security Advisory: Satellite 6.13.5 Async Security Update
Severity
Important
Notes
Topic: Updated Satellite 6.13 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security fix(es):
* Yggdrasil-worker-forwarder (gRPC): Rapid Reset Attack through HTTP/2 enabled web service which leads to DDoS attack (CVE-2023-44487 & CVE-2023-39325)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
* Foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)
* Foreman: Arbitrary code execution through yaml global parameters (CVE-2023-0462)
* GitPython: Remote code execution and improper input validation vulnerability (CVE-2022-24439 & CVE-2023-40267)
* Ruby-git & tfm-rubygem-git: Code injection vulnerability (CVE-2022-47318 & CVE-2022-46648)
* Python-django: Multiple flaws (CVE-2023-31047 & CVE-2023-36053)
* Puppet-agent (openssl): Multiple flaws (CVE-2022-1292 CVE-2022-2068)
This update fixes the following bugs:
2238346 - Red Hat supported provisioning templates are not recognized by RH icon on the row for a given template
2238348 - when creating a backup on rhel7 and restoring on rhel8, the restore process will fail with permission issues
2238350 - Virtual machine goes in re-provisioning mode while registration host using Global registration template.
2238359 - Capsule redundantly synces *-Export-Library repos
2238361 - Can't update the redhat_repository_url without changing the cdn_configuration to custom_cdn
2238363 - katello-certs-check does not cause the installer to halt execution on failure
2238367 - Satellite Web UI >> Hosts >> All Hosts page loading slow even after power isn't selected from the new option "Manage columns".
2238369 - Content-export incremental with syncable format based does not include productid file into repodata directory
2238371 - SELinux is preventing pulpcore-worker from read access on the key labeled pulpcore_server_t
2239041 - Reclaim space for repository fails with Cannot delete some instances of model 'Artifact' because they are referenced through protected foreign keys: 'ContentArtifact.artifact'."
2238353 - The "hammer export" command using single thread encryption causes a performance bottleneck.
2240781 - Remediation from CRC via Satellite shows "Failed" status even after successful remediation of Insights recommendations.
2241914 - "NoMethodError: undefined method `fact_values'" while trying to perform inventory upload
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
6.7 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
95 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
6.7 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
95 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
Threats
Impact
Moderate
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
9.1 (Critical)
Affected products
Fixed
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
Known not affected
57 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Threats
Impact
Important
A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise.
9.8 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
95 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.
8.0 (High)
Affected products
Fixed
2 products
Known not affected
97 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Threats
Impact
Important
A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository.
8.0 (High)
Affected products
Fixed
2 products
Known not affected
97 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Threats
Impact
Important
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
9.1 (Critical)
Affected products
Fixed
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
Known not affected
57 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Threats
Impact
Important
A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
95 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
Threats
Impact
Low
A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded.
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
95 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Threats
Impact
Low
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
95 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
97 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
Threats
Impact
Moderate
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.
9.8 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
95 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
7.5 (High)
Affected products
Fixed
2 products
Known not affected
97 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
References
98 references
Acknowledgments
Sophos
Elison Niven
Qingteng 73lab
Chancen
Red Hat
Evgeni Golov
Onsec.io
Andrew Danau
Sam Wheating
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.13 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nSecurity fix(es):\n\n* Yggdrasil-worker-forwarder (gRPC): Rapid Reset Attack through HTTP/2 enabled web service which leads to DDoS attack (CVE-2023-44487 \u0026 CVE-2023-39325)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\n* Foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)\n\n* Foreman: Arbitrary code execution through yaml global parameters (CVE-2023-0462)\n\n* GitPython: Remote code execution and improper input validation vulnerability (CVE-2022-24439 \u0026 CVE-2023-40267)\n\n* Ruby-git \u0026 tfm-rubygem-git: Code injection vulnerability (CVE-2022-47318 \u0026 CVE-2022-46648)\n\n* Python-django: Multiple flaws (CVE-2023-31047 \u0026 CVE-2023-36053)\n\n* Puppet-agent (openssl): Multiple flaws (CVE-2022-1292 CVE-2022-2068)\n\nThis update fixes the following bugs:\n\n2238346 - Red Hat supported provisioning templates are not recognized by RH icon on the row for a given template\n2238348 - when creating a backup on rhel7 and restoring on rhel8, the restore process will fail with permission issues\n2238350 - Virtual machine goes in re-provisioning mode while registration host using Global registration template.\n2238359 - Capsule redundantly synces *-Export-Library repos\n2238361 - Can\u0027t update the redhat_repository_url without changing the cdn_configuration to custom_cdn\n2238363 - katello-certs-check does not cause the installer to halt execution on failure\n2238367 - Satellite Web UI \u003e\u003e Hosts \u003e\u003e All Hosts page loading slow even after power isn\u0027t selected from the new option \"Manage columns\".\n2238369 - Content-export incremental with syncable format based does not include productid file into repodata directory\n2238371 - SELinux is preventing pulpcore-worker from read access on the key labeled pulpcore_server_t\n2239041 - Reclaim space for repository fails with Cannot delete some instances of model \u0027Artifact\u0027 because they are referenced through protected foreign keys: \u0027ContentArtifact.artifact\u0027.\"\n2238353 - The \"hammer export\" command using single thread encryption causes a performance bottleneck.\n2240781 - Remediation from CRC via Satellite shows \"Failed\" status even after successful remediation of Insights recommendations. \n2241914 - \"NoMethodError: undefined method `fact_values\u0027\" while trying to perform inventory upload\n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5931",
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "2140577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577"
},
{
"category": "external",
"summary": "2151583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151583"
},
{
"category": "external",
"summary": "2159672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159672"
},
{
"category": "external",
"summary": "2162970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
},
{
"category": "external",
"summary": "2169385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169385"
},
{
"category": "external",
"summary": "2192565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192565"
},
{
"category": "external",
"summary": "2218004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218004"
},
{
"category": "external",
"summary": "2231474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231474"
},
{
"category": "external",
"summary": "2238346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238346"
},
{
"category": "external",
"summary": "2238348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238348"
},
{
"category": "external",
"summary": "2238350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238350"
},
{
"category": "external",
"summary": "2238353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238353"
},
{
"category": "external",
"summary": "2238359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238359"
},
{
"category": "external",
"summary": "2238361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238361"
},
{
"category": "external",
"summary": "2238363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238363"
},
{
"category": "external",
"summary": "2238367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238367"
},
{
"category": "external",
"summary": "2238369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238369"
},
{
"category": "external",
"summary": "2238371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238371"
},
{
"category": "external",
"summary": "2239041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239041"
},
{
"category": "external",
"summary": "2240781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240781"
},
{
"category": "external",
"summary": "2241914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241914"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5931.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.13.5 Async Security Update",
"tracking": {
"current_release_date": "2026-06-04T17:40:56+00:00",
"generator": {
"date": "2026-06-04T17:40:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:5931",
"initial_release_date": "2023-10-19T13:15:21+00:00",
"revision_history": [
{
"date": "2023-10-19T13:15:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T13:15:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T17:40:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.13::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.13::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.13::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-maintenance",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_maintenance:6.13::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.5.1.23-1.el8sat.src",
"product": {
"name": "foreman-0:3.5.1.23-1.el8sat.src",
"product_id": "foreman-0:3.5.1.23-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.5.1.23-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"product": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"product_id": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.5.2.4-1.el8sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"product": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"product_id": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@1.3.3-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:3.2.21-1.el8pc.src",
"product": {
"name": "python-django-0:3.2.21-1.el8pc.src",
"product_id": "python-django-0:3.2.21-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.21-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-gitpython-0:3.1.32-1.el8pc.src",
"product": {
"name": "python-gitpython-0:3.1.32-1.el8pc.src",
"product_id": "python-gitpython-0:3.1.32-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-gitpython@3.1.32-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.21.18-1.el8pc.src",
"product": {
"name": "python-pulpcore-0:3.21.18-1.el8pc.src",
"product_id": "python-pulpcore-0:3.21.18-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.21.18-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"product": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"product_id": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.2.12-1.el8sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"product": {
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"product_id": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@11.0.0.6-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.src",
"product_id": "rubygem-katello-0:4.7.0.33-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.7.0.33-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.13.5-1.el8sat.src",
"product": {
"name": "satellite-0:6.13.5-1.el8sat.src",
"product_id": "satellite-0:6.13.5-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.13.5-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"product": {
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"product_id": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@7.0.48-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-git-0:1.18.0-1.el8sat.src",
"product": {
"name": "rubygem-git-0:1.18.0-1.el8sat.src",
"product_id": "rubygem-git-0:1.18.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-git@1.18.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"product": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"product_id": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.5.2.4-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"product": {
"name": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"product_id": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer-katello@3.5.2.4-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python39-django-0:3.2.21-1.el8pc.noarch",
"product": {
"name": "python39-django-0:3.2.21-1.el8pc.noarch",
"product_id": "python39-django-0:3.2.21-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-django@3.2.21-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"product": {
"name": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"product_id": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-gitpython@3.1.32-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"product": {
"name": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"product_id": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulpcore@3.21.18-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"product_id": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.2.12-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"product_id": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@11.0.0.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.7.0.33-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.13.5-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.13.5-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.13.5-1.el8sat.noarch",
"product_id": "satellite-common-0:6.13.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.13.5-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.13.5-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.13.5-1.el8sat.noarch",
"product_id": "satellite-0:6.13.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.13.5-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.13.5-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"product_id": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@7.0.48-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product": {
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product_id": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-git@1.18.0-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"product": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"product_id": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@1.3.3-1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src"
},
"product_reference": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64"
},
"product_reference": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.21-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.21-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gitpython-0:3.1.32-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src"
},
"product_reference": "python-gitpython-0:3.1.32-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.21.18-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.21.18-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.21-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.21-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-gitpython-0:3.1.32-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch"
},
"product_reference": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.21.18-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src"
},
"product_reference": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64"
},
"product_reference": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.21-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.21-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gitpython-0:3.1.32-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src"
},
"product_reference": "python-gitpython-0:3.1.32-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.21.18-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.21.18-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.21-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.21-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-gitpython-0:3.1.32-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
},
"product_reference": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.21.18-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src"
},
"product_reference": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src"
},
"product_reference": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch"
},
"product_reference": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-git-0:1.18.0-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
},
"product_reference": "rubygem-git-0:1.18.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.7.0.33-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Elison Niven"
],
"organization": "Sophos",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-1292",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-05-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2081494"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version, and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1292"
},
{
"category": "external",
"summary": "RHBZ#2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220503.txt",
"url": "https://www.openssl.org/news/secadv/20220503.txt"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: c_rehash script allows command injection"
},
{
"acknowledgments": [
{
"names": [
"Chancen"
],
"organization": "Qingteng 73lab",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-2068",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2097310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: the c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2068"
},
{
"category": "external",
"summary": "RHBZ#2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220621.txt",
"url": "https://www.openssl.org/news/secadv/20220621.txt"
}
],
"release_date": "2022-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: the c_rehash script allows command injection"
},
{
"acknowledgments": [
{
"names": [
"Evgeni Golov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2022-3874",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-11-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140577"
}
],
"notes": [
{
"category": "description",
"text": "A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman: OS command injection via ct_command and fcct_command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3874"
},
{
"category": "external",
"summary": "RHBZ#2140577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3874"
}
],
"release_date": "2023-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "foreman: OS command injection via ct_command and fcct_command"
},
{
"acknowledgments": [
{
"names": [
"Sam Wheating"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-24439",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-12-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151583"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GitPython: improper user input validation leads into a RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Across all supported releases of Red Hat OpenStack Platform the usage of a compromised GitPython API (clone_from()) is quite limited. The only people capable of exploiting this vulnerability are system administrators. For this reason, the impact has been downgraded to medium.\n\nThe impact to Red Hat OpenStack Platform 17 is rated Low as the compromised function is not in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24439"
},
{
"category": "external",
"summary": "RHBZ#2151583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151583"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24439"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24439",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24439"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858",
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858"
}
],
"release_date": "2022-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "GitPython: improper user input validation leads into a RCE"
},
{
"cve": "CVE-2022-46648",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169385"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby-git: code injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46648"
},
{
"category": "external",
"summary": "RHBZ#2169385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46648"
},
{
"category": "external",
"summary": "https://jvn.jp/en/jp/JVN16765254/",
"url": "https://jvn.jp/en/jp/JVN16765254/"
}
],
"release_date": "2023-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby-git: code injection vulnerability"
},
{
"cve": "CVE-2022-47318",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2159672"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby-git: code injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-47318"
},
{
"category": "external",
"summary": "RHBZ#2159672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-47318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-47318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47318"
},
{
"category": "external",
"summary": "https://jvn.jp/en/jp/JVN16765254/",
"url": "https://jvn.jp/en/jp/JVN16765254/"
}
],
"release_date": "2023-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby-git: code injection vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2023-0462",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162970"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Foreman: Arbitrary code execution through yaml global parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0462"
},
{
"category": "external",
"summary": "RHBZ#2162970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0462"
}
],
"release_date": "2023-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Satellite/Foreman: Arbitrary code execution through yaml global parameters"
},
{
"cve": "CVE-2023-3817",
"discovery_date": "2023-07-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2227852"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenSSL: Excessive time spent checking DH q parameter value",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in OpenSSL is considered low severity primarily because it requires specific conditions to be exploited and has limited impact. While excessive computation time during DH parameter checks could potentially lead to denial of service (DoS) attacks, the likelihood of successful exploitation is relatively low. Additionally, the vulnerability mainly affects applications that use certain OpenSSL functions for DH parameter validation, rather than the broader SSL/TLS implementation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3817"
},
{
"category": "external",
"summary": "RHBZ#2227852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227852"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230731.txt",
"url": "https://www.openssl.org/news/secadv/20230731.txt"
}
],
"release_date": "2023-07-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenSSL: Excessive time spent checking DH q parameter value"
},
{
"cve": "CVE-2023-31047",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-04-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2192565"
}
],
"notes": [
{
"category": "description",
"text": "A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Potential bypass of validation when uploading multiple files using one form field",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite and Red Hat Update Infrastructure individual impact ratings have been set to Low since initial privileges are required in order to access the server and the vulnerable functionality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-31047"
},
{
"category": "external",
"summary": "RHBZ#2192565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-31047",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-31047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31047"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/may/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/may/03/security-releases/"
}
],
"release_date": "2023-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-django: Potential bypass of validation when uploading multiple files using one form field"
},
{
"cve": "CVE-2023-36053",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2218004"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36053"
},
{
"category": "external",
"summary": "RHBZ#2218004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/"
}
],
"release_date": "2023-07-03T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-40267",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-08-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2231474"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GitPython: Insecure non-multi options in clone and clone_from is not blocked",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Openstack, Red Hat Ansible Automation Platform, and Red Hat Certification Program, while the gitpython dependency is present, the affected codebase is not being used. \n\nRed Hat Satellite does not use the affected functions during runtime, therefore the possible impact is limited to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40267"
},
{
"category": "external",
"summary": "RHBZ#2231474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40267"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-pr76-5cm5-w9cj",
"url": "https://github.com/advisories/GHSA-pr76-5cm5-w9cj"
}
],
"release_date": "2023-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "GitPython: Insecure non-multi options in clone and clone_from is not blocked"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…