Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-45803 (GCVE-0-2023-45803)
Vulnerability from cvelistv5 – Published: 2023-10-17 19:43 – Updated: 2025-11-03 21:49
VLAI
EPSS
Title
Request body not stripped after redirect in urllib3
Summary
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
Severity
4.2 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
6 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:49:53.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"name": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T15:56:19.991921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:56:30.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.7"
},
{
"status": "affected",
"version": "\u003c 1.26.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T21:06:24.988Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"name": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"
}
],
"source": {
"advisory": "GHSA-g4mx-q9vg-27p4",
"discovery": "UNKNOWN"
},
"title": "Request body not stripped after redirect in urllib3"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45803",
"datePublished": "2023-10-17T19:43:45.404Z",
"dateReserved": "2023-10-13T12:00:50.435Z",
"dateUpdated": "2025-11-03T21:49:53.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-45803",
"date": "2026-05-31",
"epss": "0.00056",
"percentile": "0.17746"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45803\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-10-17T20:15:10.070\",\"lastModified\":\"2025-11-03T22:16:28.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\"},{\"lang\":\"es\",\"value\":\"urllib3 es una librer\u00eda cliente HTTP f\u00e1cil de usar para Python. Anteriormente, urllib3 no eliminaba el cuerpo de la solicitud HTTP cuando una respuesta de redirecci\u00f3n HTTP usaba el estado 301, 302 o 303 despu\u00e9s de que la solicitud cambiara su m\u00e9todo de uno que pudiera aceptar un cuerpo de solicitud (como `POST`) a `GET` tal como est\u00e1. requerido por los RFC HTTP. Aunque este comportamiento no se especifica en la secci\u00f3n de redirecciones, se puede inferir reuniendo informaci\u00f3n de diferentes secciones y hemos observado el comportamiento en otras implementaciones importantes de clientes HTTP como curl y navegadores web. Debido a que la vulnerabilidad requiere que un servicio previamente confiable se vea comprometido para tener un impacto en la confidencialidad, creemos que la explotabilidad de esta vulnerabilidad es baja. Adem\u00e1s, muchos usuarios no colocan datos confidenciales en los cuerpos de solicitud HTTP; si este es el caso, entonces esta vulnerabilidad no es explotable. Las dos condiciones siguientes deben ser ciertas para verse afectado por esta vulnerabilidad: 1. Usar urllib3 y enviar informaci\u00f3n confidencial en el cuerpo de la solicitud HTTP (como datos de formulario o JSON) y 2. El servicio de origen est\u00e1 comprometido y comienza a redireccionar usando 301. 302 o 303 a un par malicioso o el servicio redirigido se ve comprometido. Este problema se solucion\u00f3 en las versiones 1.26.18 y 2.0.7 y se recomienda a los usuarios que actualicen para resolverlo. Los usuarios que no puedan actualizar deben deshabilitar los redireccionamientos para servicios que no esperan responder con redireccionamientos con `redirects=False` y deshabilitar los redireccionamientos autom\u00e1ticos con `redirects=False` y manejar los redireccionamientos 301, 302 y 303 manualmente eliminando el cuerpo de la solicitud HTTP.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.26.18\",\"matchCriteriaId\":\"3F2284A6-F467-4419-9AF7-9FFD133B04E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.7\",\"matchCriteriaId\":\"6A586164-F448-431C-8966-14E145A82BB5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}],\"references\":[{\"url\":\"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.rfc-editor.org/rfc/rfc9110.html#name-get\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.rfc-editor.org/rfc/rfc9110.html#name-get\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4\", \"name\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9\", \"name\": \"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.rfc-editor.org/rfc/rfc9110.html#name-get\", \"name\": \"https://www.rfc-editor.org/rfc/rfc9110.html#name-get\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:49:53.115Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45803\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-13T15:56:19.991921Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-13T15:56:25.915Z\"}}], \"cna\": {\"title\": \"Request body not stripped after redirect in urllib3\", \"source\": {\"advisory\": \"GHSA-g4mx-q9vg-27p4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.2, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"urllib3\", \"product\": \"urllib3\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.0.0, \u003c 2.0.7\"}, {\"status\": \"affected\", \"version\": \"\u003c 1.26.18\"}]}], \"references\": [{\"url\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4\", \"name\": \"https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9\", \"name\": \"https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.rfc-editor.org/rfc/rfc9110.html#name-get\", \"name\": \"https://www.rfc-editor.org/rfc/rfc9110.html#name-get\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-11-03T21:06:24.988Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45803\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:49:53.115Z\", \"dateReserved\": \"2023-10-13T12:00:50.435Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-10-17T19:43:45.404Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2023-45803
Vulnerability from fkie_nvd - Published: 2023-10-17 20:15 - Updated: 2025-11-03 22:16
Severity
4.2 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.2 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.2 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2284A6-F467-4419-9AF7-9FFD133B04E5",
"versionEndExcluding": "1.26.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A586164-F448-431C-8966-14E145A82BB5",
"versionEndExcluding": "2.0.7",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body."
},
{
"lang": "es",
"value": "urllib3 es una librer\u00eda cliente HTTP f\u00e1cil de usar para Python. Anteriormente, urllib3 no eliminaba el cuerpo de la solicitud HTTP cuando una respuesta de redirecci\u00f3n HTTP usaba el estado 301, 302 o 303 despu\u00e9s de que la solicitud cambiara su m\u00e9todo de uno que pudiera aceptar un cuerpo de solicitud (como `POST`) a `GET` tal como est\u00e1. requerido por los RFC HTTP. Aunque este comportamiento no se especifica en la secci\u00f3n de redirecciones, se puede inferir reuniendo informaci\u00f3n de diferentes secciones y hemos observado el comportamiento en otras implementaciones importantes de clientes HTTP como curl y navegadores web. Debido a que la vulnerabilidad requiere que un servicio previamente confiable se vea comprometido para tener un impacto en la confidencialidad, creemos que la explotabilidad de esta vulnerabilidad es baja. Adem\u00e1s, muchos usuarios no colocan datos confidenciales en los cuerpos de solicitud HTTP; si este es el caso, entonces esta vulnerabilidad no es explotable. Las dos condiciones siguientes deben ser ciertas para verse afectado por esta vulnerabilidad: 1. Usar urllib3 y enviar informaci\u00f3n confidencial en el cuerpo de la solicitud HTTP (como datos de formulario o JSON) y 2. El servicio de origen est\u00e1 comprometido y comienza a redireccionar usando 301. 302 o 303 a un par malicioso o el servicio redirigido se ve comprometido. Este problema se solucion\u00f3 en las versiones 1.26.18 y 2.0.7 y se recomienda a los usuarios que actualicen para resolverlo. Los usuarios que no puedan actualizar deben deshabilitar los redireccionamientos para servicios que no esperan responder con redireccionamientos con `redirects=False` y deshabilitar los redireccionamientos autom\u00e1ticos con `redirects=False` y manejar los redireccionamientos 301, 302 y 303 manualmente eliminando el cuerpo de la solicitud HTTP."
}
],
"id": "CVE-2023-45803",
"lastModified": "2025-11-03T22:16:28.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-17T20:15:10.070",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-G4MX-Q9VG-27P4
Vulnerability from github – Published: 2023-10-17 20:15 – Updated: 2025-11-04 16:46
VLAI
Summary
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Details
urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 303 "See Other" after the request had its method changed from one that could accept a request body (like POST) to GET as is required by HTTP RFCs. Although the behavior of removing the request body is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers.
From RFC 9110 Section 9.3.1:
A client SHOULD NOT generate content in a GET request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported.
Affected usages
Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable.
Both of the following conditions must be true to be affected by this vulnerability:
- If you're using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON)
- The origin service is compromised and starts redirecting using 303 to a malicious peer or the redirected-to service becomes compromised.
Remediation
You can remediate this vulnerability with any of the following steps:
- Upgrade to a patched version of urllib3 (v1.26.18 or v2.0.7)
- Disable redirects for services that you aren't expecting to respond with redirects with
redirects=False. - Disable automatic redirects with
redirects=Falseand handle 303 redirects manually by stripping the HTTP request body.
Severity
4.2 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-45803"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-17T20:15:25Z",
"nvd_published_at": "2023-10-17T20:15:10Z",
"severity": "MODERATE"
},
"details": "urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 303 \"See Other\" after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although the behavior of removing the request body is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers.\n\nFrom [RFC 9110 Section 9.3.1](https://www.rfc-editor.org/rfc/rfc9110.html#name-get):\n\n\u003e A client SHOULD NOT generate content in a GET request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported.\n\n## Affected usages\n\nBecause the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable.\n\nBoth of the following conditions must be true to be affected by this vulnerability:\n\n* If you\u0027re using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON)\n* The origin service is compromised and starts redirecting using 303 to a malicious peer or the redirected-to service becomes compromised.\n\n## Remediation\n\nYou can remediate this vulnerability with any of the following steps:\n\n* Upgrade to a patched version of urllib3 (v1.26.18 or v2.0.7)\n* Disable redirects for services that you aren\u0027t expecting to respond with redirects with `redirects=False`.\n* Disable automatic redirects with `redirects=False` and handle 303 redirects manually by stripping the HTTP request body.",
"id": "GHSA-g4mx-q9vg-27p4",
"modified": "2025-11-04T16:46:22Z",
"published": "2023-10-17T20:15:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
},
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/commit/4e50fbc5db74e32cabd5ccc1ab81fc103adfe0b3"
},
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-212.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/urllib3/urllib3"
},
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/releases/tag/1.26.18"
},
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/releases/tag/2.0.7"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX"
},
{
"type": "WEB",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "urllib3\u0027s request body not stripped after redirect from 303 status changes request method to GET"
}
GSD-2023-45803
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-45803",
"id": "GSD-2023-45803"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-45803"
],
"details": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n",
"id": "GSD-2023-45803",
"modified": "2023-12-13T01:20:38.306053Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-45803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "urllib3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003e= 2.0.0, \u003c 2.0.7"
},
{
"version_affected": "=",
"version_value": "\u003c 1.26.18"
}
]
}
}
]
},
"vendor_name": "urllib3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-200",
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4",
"refsource": "MISC",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"name": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9",
"refsource": "MISC",
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get",
"refsource": "MISC",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"
}
]
},
"source": {
"advisory": "GHSA-g4mx-q9vg-27p4",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.7",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.26.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-45803"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
},
{
"name": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/",
"refsource": "MISC",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-11-03T22:15Z",
"publishedDate": "2023-10-17T20:15Z"
}
}
}
MSRC_CVE-2023-45803
Vulnerability from csaf_microsoft - Published: 2023-10-01 00:00 - Updated: 2026-02-20 23:15Summary
Request body not stripped after redirect in urllib3
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
4.2 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 20028-17084 | — | ||
| Unresolved product id: 18017-17086 | — | ||
| Unresolved product id: 17690-17084 | — | ||
| Unresolved product id: 17714-17084 | — | ||
| Unresolved product id: 17693-17084 | — | ||
| Unresolved product id: 19849-17086 | — | ||
| Unresolved product id: 19681-17086 | — | ||
| Unresolved product id: 17171-17086 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-5 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-6 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-7 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-2 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-3 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-11 | — |
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-9 | — | ||
| Unresolved product id: 17084-10 | — | ||
| Unresolved product id: 17084-4 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45803 Request body not stripped after redirect in urllib3 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-45803.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Request body not stripped after redirect in urllib3",
"tracking": {
"current_release_date": "2026-02-20T23:15:38.000Z",
"generator": {
"date": "2026-02-21T02:42:38.597Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-45803",
"initial_release_date": "2023-10-01T00:00:00.000Z",
"revision_history": [
{
"date": "2023-10-23T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-08-29T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2024-08-30T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
},
{
"date": "2024-08-31T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Information published."
},
{
"date": "2024-09-01T00:00:00.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Information published."
},
{
"date": "2024-09-02T00:00:00.000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Information published."
},
{
"date": "2024-09-03T00:00:00.000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Information published."
},
{
"date": "2024-09-05T00:00:00.000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Information published."
},
{
"date": "2024-09-06T00:00:00.000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Information published."
},
{
"date": "2024-09-07T00:00:00.000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Information published."
},
{
"date": "2024-09-08T00:00:00.000Z",
"legacy_version": "2",
"number": "11",
"summary": "Information published."
},
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Information published."
},
{
"date": "2024-10-25T00:00:00.000Z",
"legacy_version": "2.2",
"number": "13",
"summary": "Added python-pip to Azure Linux 3.0\nAdded python-urllib3 to Azure Linux 3.0\nAdded python-urllib3 to CBL-Mariner 2.0"
},
{
"date": "2025-03-14T00:00:00.000Z",
"legacy_version": "2.3",
"number": "14",
"summary": "Added python3 to Azure Linux 3.0\nAdded python-pip to Azure Linux 3.0\nAdded python-urllib3 to Azure Linux 3.0\nAdded python-urllib3 to CBL-Mariner 2.0"
},
{
"date": "2025-07-18T00:00:00.000Z",
"legacy_version": "3",
"number": "15",
"summary": "Added python3 to CBL-Mariner 2.0\nAdded python-urllib3 to CBL-Mariner 2.0\nAdded python3 to Azure Linux 3.0\nAdded python-pip to Azure Linux 3.0\nAdded python-urllib3 to Azure Linux 3.0"
},
{
"date": "2026-02-20T23:15:38.000Z",
"legacy_version": "4",
"number": "16",
"summary": "Information published."
}
],
"status": "final",
"version": "16"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-urllib3 2.0.4-1",
"product": {
"name": "\u003cazl3 python-urllib3 2.0.4-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 python-urllib3 2.0.4-1",
"product": {
"name": "azl3 python-urllib3 2.0.4-1",
"product_id": "20028"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 python-urllib3 1.26.18-1",
"product": {
"name": "\u003ccbl2 python-urllib3 1.26.18-1",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 python-urllib3 1.26.18-1",
"product": {
"name": "cbl2 python-urllib3 1.26.18-1",
"product_id": "18017"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-urllib3 2.0.7-1",
"product": {
"name": "\u003cazl3 python-urllib3 2.0.7-1",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "azl3 python-urllib3 2.0.7-1",
"product": {
"name": "azl3 python-urllib3 2.0.7-1",
"product_id": "17714"
}
}
],
"category": "product_name",
"name": "python-urllib3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-pip 24.2-1",
"product": {
"name": "\u003cazl3 python-pip 24.2-1",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "azl3 python-pip 24.2-1",
"product": {
"name": "azl3 python-pip 24.2-1",
"product_id": "17690"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-pip 24.0-2",
"product": {
"name": "\u003cazl3 python-pip 24.0-2",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "azl3 python-pip 24.0-2",
"product": {
"name": "azl3 python-pip 24.0-2",
"product_id": "17693"
}
}
],
"category": "product_name",
"name": "python-pip"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 python-virtualenv 20.26.6-1",
"product": {
"name": "\u003ccbl2 python-virtualenv 20.26.6-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 python-virtualenv 20.26.6-1",
"product": {
"name": "cbl2 python-virtualenv 20.26.6-1",
"product_id": "19849"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 python-virtualenv 20.26.6-1",
"product": {
"name": "\u003ccbl2 python-virtualenv 20.26.6-1",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "cbl2 python-virtualenv 20.26.6-1",
"product": {
"name": "cbl2 python-virtualenv 20.26.6-1",
"product_id": "17171"
}
}
],
"category": "product_name",
"name": "python-virtualenv"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 python3 3.9.19-13",
"product": {
"name": "\u003ccbl2 python3 3.9.19-13",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 python3 3.9.19-13",
"product": {
"name": "cbl2 python3 3.9.19-13",
"product_id": "19681"
}
}
],
"category": "product_name",
"name": "python3"
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "9"
}
},
{
"category": "product_name",
"name": "azl3 python3 3.12.3-5",
"product": {
"name": "azl3 python3 3.12.3-5",
"product_id": "10"
}
},
{
"category": "product_name",
"name": "azl3 mozjs 102.15.1-1",
"product": {
"name": "azl3 mozjs 102.15.1-1",
"product_id": "4"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-urllib3 2.0.4-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-urllib3 2.0.4-1 as a component of Azure Linux 3.0",
"product_id": "20028-17084"
},
"product_reference": "20028",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-9"
},
"product_reference": "9",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python3 3.12.3-5 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 python-urllib3 1.26.18-1 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-urllib3 1.26.18-1 as a component of CBL Mariner 2.0",
"product_id": "18017-17086"
},
"product_reference": "18017",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pip 24.2-1 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pip 24.2-1 as a component of Azure Linux 3.0",
"product_id": "17690-17084"
},
"product_reference": "17690",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-urllib3 2.0.7-1 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-urllib3 2.0.7-1 as a component of Azure Linux 3.0",
"product_id": "17714-17084"
},
"product_reference": "17714",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-pip 24.0-2 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-pip 24.0-2 as a component of Azure Linux 3.0",
"product_id": "17693-17084"
},
"product_reference": "17693",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 mozjs 102.15.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 python-virtualenv 20.26.6-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-virtualenv 20.26.6-1 as a component of CBL Mariner 2.0",
"product_id": "19849-17086"
},
"product_reference": "19849",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 python3 3.9.19-13 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python3 3.9.19-13 as a component of CBL Mariner 2.0",
"product_id": "19681-17086"
},
"product_reference": "19681",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 python-virtualenv 20.26.6-1 as a component of CBL Mariner 2.0",
"product_id": "17086-11"
},
"product_reference": "11",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-virtualenv 20.26.6-1 as a component of CBL Mariner 2.0",
"product_id": "17171-17086"
},
"product_reference": "17171",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45803",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-9",
"17084-10",
"17084-4"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20028-17084",
"18017-17086",
"17690-17084",
"17714-17084",
"17693-17084",
"19849-17086",
"19681-17086",
"17171-17086"
],
"known_affected": [
"17084-1",
"17086-5",
"17084-8",
"17084-6",
"17084-7",
"17086-2",
"17086-3",
"17086-11"
],
"known_not_affected": [
"17084-9",
"17084-10",
"17084-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45803 Request body not stripped after redirect in urllib3 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-45803.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-23T00:00:00.000Z",
"details": "2.0.7-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"17084-6"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-10-23T00:00:00.000Z",
"details": "1.26.18-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-5"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-10-23T00:00:00.000Z",
"details": "24.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-8",
"17084-7"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-10-23T00:00:00.000Z",
"details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-10-23T00:00:00.000Z",
"details": "3.9.19-14:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"17084-1",
"17086-5",
"17084-8",
"17084-6",
"17084-7",
"17086-2",
"17086-3",
"17086-11"
]
}
],
"title": "Request body not stripped after redirect in urllib3"
}
]
}
NCSC-2025-0028
Vulnerability from csaf_ncscnl - Published: 2025-01-22 13:36 - Updated: 2025-01-22 13:36Summary
Kwetsbaarheden verholpen in Oracle Analytics
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-416: Use After Free
CWE-476: NULL Pointer Dereference
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-502: Deserialization of Untrusted Data
CWE-248: Uncaught Exception
CWE-674: Uncontrolled Recursion
CWE-611: Improper Restriction of XML External Entity Reference
CWE-787: Out-of-bounds Write
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-789: Memory Allocation with Excessive Size Value
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1395: Dependency on Vulnerable Third-Party Component
CWE-670: Always-Incorrect Control Flow Implementation
CWE-399: CWE-399
CWE-326: Inadequate Encryption Strength
CWE-669: Incorrect Resource Transfer Between Spheres
CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-834: Excessive Iteration
CWE-311: Missing Encryption of Sensitive Data
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-125: Out-of-bounds Read
CWE-404: Improper Resource Shutdown or Release
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333: Inefficient Regular Expression Complexity
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
CWE-248
- Uncaught Exception
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
8.6 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:prior_to_7.8.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
4.4 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
CWE-416
- Use After Free
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
6.1 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.3 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
|
— |
8.1 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— |
5.4 (Medium)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence_enterprise_edition
oracle
|
cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
5.7 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
8.6 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
4.4 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
8.0 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*
|
— | |
|
bi_publisher
oracle
|
cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*
|
— | |
|
business_intelligence
oracle
|
cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
analytics_desktop
oracle
|
cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:*
|
— |
References
40 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncaught Exception",
"title": "CWE-248"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
},
{
"category": "general",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
},
{
"category": "general",
"text": "CWE-399",
"title": "CWE-399"
},
{
"category": "general",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
},
{
"category": "general",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
},
{
"category": "general",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "general",
"text": "Excessive Iteration",
"title": "CWE-834"
},
{
"category": "general",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Analytics",
"tracking": {
"current_release_date": "2025-01-22T13:36:58.196605Z",
"id": "NCSC-2025-0028",
"initial_release_date": "2025-01-22T13:36:58.196605Z",
"revision_history": [
{
"date": "2025-01-22T13:36:58.196605Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-1503296",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-220360",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:enterprise:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-135810",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-219994",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:enterprise:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-219817",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:enterprise:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-1503297",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-257324",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-1503298",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence",
"product": {
"name": "business_intelligence",
"product_id": "CSAFPID-1650736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-765384",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764234",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-765387",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764778",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764929",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764235",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764930",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764236",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-1503574",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-1503573",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-765388",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764727",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764729",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-765383",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-765385",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-765389",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764725",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764728",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764730",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-764726",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "business_intelligence_enterprise_edition",
"product": {
"name": "business_intelligence_enterprise_edition",
"product_id": "CSAFPID-765386",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bi_publisher",
"product": {
"name": "bi_publisher",
"product_id": "CSAFPID-9197",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bi_publisher",
"product": {
"name": "bi_publisher",
"product_id": "CSAFPID-9493",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bi_publisher",
"product": {
"name": "bi_publisher",
"product_id": "CSAFPID-220546",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bi_publisher",
"product": {
"name": "bi_publisher",
"product_id": "CSAFPID-228391",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bi_publisher",
"product": {
"name": "bi_publisher",
"product_id": "CSAFPID-220545",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bi_publisher",
"product": {
"name": "bi_publisher",
"product_id": "CSAFPID-220560",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bi_publisher",
"product": {
"name": "bi_publisher",
"product_id": "CSAFPID-1673195",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "analytics_desktop",
"product": {
"name": "analytics_desktop",
"product_id": "CSAFPID-816763",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "analytics_desktop",
"product": {
"name": "analytics_desktop",
"product_id": "CSAFPID-816761",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "analytics_desktop",
"product": {
"name": "analytics_desktop",
"product_id": "CSAFPID-816762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "analytics_desktop",
"product": {
"name": "analytics_desktop",
"product_id": "CSAFPID-1751172",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:analytics_desktop:8.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "analytics_desktop",
"product": {
"name": "analytics_desktop",
"product_id": "CSAFPID-1650735",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:analytics_desktop:prior_to_7.8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "analytics_desktop",
"product": {
"name": "analytics_desktop",
"product_id": "CSAFPID-1751157",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-10000",
"references": [
{
"category": "self",
"summary": "CVE-2016-10000",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2016/CVE-2016-10000.json"
}
],
"title": "CVE-2016-10000"
},
{
"cve": "CVE-2020-2849",
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-2849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-2849.json"
}
],
"title": "CVE-2020-2849"
},
{
"cve": "CVE-2020-7760",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-765383",
"CSAFPID-765384",
"CSAFPID-765385",
"CSAFPID-765386",
"CSAFPID-765387",
"CSAFPID-765388",
"CSAFPID-765389",
"CSAFPID-764778",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-7760",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-7760.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-765383",
"CSAFPID-765384",
"CSAFPID-765385",
"CSAFPID-765386",
"CSAFPID-765387",
"CSAFPID-765388",
"CSAFPID-765389",
"CSAFPID-764778",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-257324"
]
}
],
"title": "CVE-2020-7760"
},
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-228391",
"CSAFPID-764778",
"CSAFPID-220546",
"CSAFPID-9197",
"CSAFPID-764929",
"CSAFPID-764930",
"CSAFPID-765383",
"CSAFPID-765384",
"CSAFPID-765385",
"CSAFPID-765386",
"CSAFPID-765387",
"CSAFPID-765388",
"CSAFPID-765389",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-1503574",
"CSAFPID-257324",
"CSAFPID-135810"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13956",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-228391",
"CSAFPID-764778",
"CSAFPID-220546",
"CSAFPID-9197",
"CSAFPID-764929",
"CSAFPID-764930",
"CSAFPID-765383",
"CSAFPID-765384",
"CSAFPID-765385",
"CSAFPID-765386",
"CSAFPID-765387",
"CSAFPID-765388",
"CSAFPID-765389",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-1503574",
"CSAFPID-257324",
"CSAFPID-135810"
]
}
],
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2020-28975",
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-28975",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-28975.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-257324"
]
}
],
"title": "CVE-2020-28975"
},
{
"cve": "CVE-2021-23926",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764234",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764235",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-764236",
"CSAFPID-9493",
"CSAFPID-764778",
"CSAFPID-228391",
"CSAFPID-135810",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-220546",
"CSAFPID-9197",
"CSAFPID-764929",
"CSAFPID-764930"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-23926",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23926.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764234",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764235",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-764236",
"CSAFPID-9493",
"CSAFPID-764778",
"CSAFPID-228391",
"CSAFPID-135810",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-220546",
"CSAFPID-9197",
"CSAFPID-764929",
"CSAFPID-764930"
]
}
],
"title": "CVE-2021-23926"
},
{
"cve": "CVE-2021-33813",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764234",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764235",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-764236",
"CSAFPID-9197",
"CSAFPID-9493",
"CSAFPID-228391",
"CSAFPID-764778",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-765383",
"CSAFPID-765384",
"CSAFPID-765385",
"CSAFPID-765386",
"CSAFPID-765387",
"CSAFPID-765388",
"CSAFPID-765389",
"CSAFPID-135810"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-33813",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33813.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764234",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764235",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-764236",
"CSAFPID-9197",
"CSAFPID-9493",
"CSAFPID-228391",
"CSAFPID-764778",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-765383",
"CSAFPID-765384",
"CSAFPID-765385",
"CSAFPID-765386",
"CSAFPID-765387",
"CSAFPID-765388",
"CSAFPID-765389",
"CSAFPID-135810"
]
}
],
"title": "CVE-2021-33813"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764234",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764235",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-764236",
"CSAFPID-9493",
"CSAFPID-764778",
"CSAFPID-228391",
"CSAFPID-135810",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-40150",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40150.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764234",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764235",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-764236",
"CSAFPID-9493",
"CSAFPID-764778",
"CSAFPID-228391",
"CSAFPID-135810",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574"
]
}
],
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "other",
"text": "Creation of Temporary File in Directory with Insecure Permissions",
"title": "CWE-379"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-2976",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-4785",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"notes": [
{
"category": "other",
"text": "Uncaught Exception",
"title": "CWE-248"
}
],
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-4785",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4785.json"
}
],
"title": "CVE-2023-4785"
},
{
"cve": "CVE-2023-7272",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-7272",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7272.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-7272"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-399",
"title": "CWE-399"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-764778",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-764725",
"CSAFPID-764726",
"CSAFPID-764727",
"CSAFPID-764728",
"CSAFPID-764729",
"CSAFPID-764730",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-135810"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-25399",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650736",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-25399",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-25399.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650736",
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-25399"
},
{
"cve": "CVE-2023-29824",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650736",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-29824",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29824.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650736",
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-29824"
},
{
"cve": "CVE-2023-32732",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
}
],
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-32732",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32732.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-32732"
},
{
"cve": "CVE-2023-33202",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650735",
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33202",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33202.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650735",
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-33202"
},
{
"cve": "CVE-2023-33953",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "other",
"text": "Excessive Iteration",
"title": "CWE-834"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33953",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33953.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-33953"
},
{
"cve": "CVE-2023-43804",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-43804",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43804.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-43804"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-220545",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764235",
"CSAFPID-764236",
"CSAFPID-816761",
"CSAFPID-816762",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45803",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-45803",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45803.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-45803"
},
{
"cve": "CVE-2023-50782",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Timing Discrepancy",
"title": "CWE-208"
},
{
"category": "other",
"text": "Observable Discrepancy",
"title": "CWE-203"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-50782",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50782.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-257324"
]
}
],
"title": "CVE-2023-50782"
},
{
"cve": "CVE-2024-0727",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-135810",
"CSAFPID-1650736",
"CSAFPID-257324",
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0727",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-135810",
"CSAFPID-1650736",
"CSAFPID-257324",
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574"
]
}
],
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-1135",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-1135",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1135.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-1135"
},
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-1503574",
"CSAFPID-1650736",
"CSAFPID-257324",
"CSAFPID-135810"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4741",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json"
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-5535",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
}
],
"product_status": {
"known_affected": [
"CSAFPID-135810",
"CSAFPID-1650736",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-5535",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-135810",
"CSAFPID-1650736",
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-5535"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220560",
"CSAFPID-1673195",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220560",
"CSAFPID-1673195",
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-22195",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22195",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-26130",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26130",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-9493",
"CSAFPID-220560",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-1503574",
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-1503574",
"CSAFPID-220560",
"CSAFPID-1673195"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-1503574",
"CSAFPID-220560",
"CSAFPID-1673195"
]
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-29131",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-257324",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-1503574",
"CSAFPID-1650736"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29131",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-257324",
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-1503574",
"CSAFPID-1650736"
]
}
],
"title": "CVE-2024-29131"
},
{
"cve": "CVE-2024-34064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-1503574",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816763",
"CSAFPID-1503573",
"CSAFPID-765385",
"CSAFPID-764234",
"CSAFPID-764236",
"CSAFPID-1503574",
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-35195",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"notes": [
{
"category": "other",
"text": "Always-Incorrect Control Flow Implementation",
"title": "CWE-670"
}
],
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35195",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-35195"
},
{
"cve": "CVE-2024-36114",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650736",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36114",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650736",
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-36114"
},
{
"cve": "CVE-2024-37891",
"cwe": {
"id": "CWE-669",
"name": "Incorrect Resource Transfer Between Spheres"
},
"notes": [
{
"category": "other",
"text": "Incorrect Resource Transfer Between Spheres",
"title": "CWE-669"
}
],
"product_status": {
"known_affected": [
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37891",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-37891"
},
{
"cve": "CVE-2024-38809",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220560",
"CSAFPID-1673195",
"CSAFPID-1650736",
"CSAFPID-257324",
"CSAFPID-135810"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38809",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-220560",
"CSAFPID-1673195",
"CSAFPID-1650736",
"CSAFPID-257324",
"CSAFPID-135810"
]
}
],
"title": "CVE-2024-38809"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220560",
"CSAFPID-1673195"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-220560",
"CSAFPID-1673195"
]
}
],
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-43382",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "other",
"text": "Missing Encryption of Sensitive Data",
"title": "CWE-311"
},
{
"category": "other",
"text": "Inadequate Encryption Strength",
"title": "CWE-326"
}
],
"product_status": {
"known_affected": [
"CSAFPID-220560",
"CSAFPID-1673195"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43382",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43382.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-220560",
"CSAFPID-1673195"
]
}
],
"title": "CVE-2024-43382"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650736",
"CSAFPID-257324"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650736",
"CSAFPID-257324"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2025-21532",
"product_status": {
"known_affected": [
"CSAFPID-1751157"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21532",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21532.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751157"
]
}
],
"title": "CVE-2025-21532"
}
]
}
OPENSUSE-SU-2024:13343-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python310-urllib3-2.0.7-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python310-urllib3-2.0.7-1.1 on GA media
Description of the patch: These are all security issues fixed in the python310-urllib3-2.0.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.2 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-urllib3-2.0.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-urllib3-2.0.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13343-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45803 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45803/"
}
],
"title": "python310-urllib3-2.0.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13343-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-urllib3-2.0.7-1.1.aarch64",
"product": {
"name": "python310-urllib3-2.0.7-1.1.aarch64",
"product_id": "python310-urllib3-2.0.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-urllib3-2.0.7-1.1.aarch64",
"product": {
"name": "python311-urllib3-2.0.7-1.1.aarch64",
"product_id": "python311-urllib3-2.0.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-urllib3-2.0.7-1.1.aarch64",
"product": {
"name": "python39-urllib3-2.0.7-1.1.aarch64",
"product_id": "python39-urllib3-2.0.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-urllib3-2.0.7-1.1.ppc64le",
"product": {
"name": "python310-urllib3-2.0.7-1.1.ppc64le",
"product_id": "python310-urllib3-2.0.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-urllib3-2.0.7-1.1.ppc64le",
"product": {
"name": "python311-urllib3-2.0.7-1.1.ppc64le",
"product_id": "python311-urllib3-2.0.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-urllib3-2.0.7-1.1.ppc64le",
"product": {
"name": "python39-urllib3-2.0.7-1.1.ppc64le",
"product_id": "python39-urllib3-2.0.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-urllib3-2.0.7-1.1.s390x",
"product": {
"name": "python310-urllib3-2.0.7-1.1.s390x",
"product_id": "python310-urllib3-2.0.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-urllib3-2.0.7-1.1.s390x",
"product": {
"name": "python311-urllib3-2.0.7-1.1.s390x",
"product_id": "python311-urllib3-2.0.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-urllib3-2.0.7-1.1.s390x",
"product": {
"name": "python39-urllib3-2.0.7-1.1.s390x",
"product_id": "python39-urllib3-2.0.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-urllib3-2.0.7-1.1.x86_64",
"product": {
"name": "python310-urllib3-2.0.7-1.1.x86_64",
"product_id": "python310-urllib3-2.0.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-urllib3-2.0.7-1.1.x86_64",
"product": {
"name": "python311-urllib3-2.0.7-1.1.x86_64",
"product_id": "python311-urllib3-2.0.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-urllib3-2.0.7-1.1.x86_64",
"product": {
"name": "python39-urllib3-2.0.7-1.1.x86_64",
"product_id": "python39-urllib3-2.0.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-urllib3-2.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.aarch64"
},
"product_reference": "python310-urllib3-2.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-urllib3-2.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.ppc64le"
},
"product_reference": "python310-urllib3-2.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-urllib3-2.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.s390x"
},
"product_reference": "python310-urllib3-2.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-urllib3-2.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.x86_64"
},
"product_reference": "python310-urllib3-2.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.aarch64"
},
"product_reference": "python311-urllib3-2.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.ppc64le"
},
"product_reference": "python311-urllib3-2.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.s390x"
},
"product_reference": "python311-urllib3-2.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3-2.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.x86_64"
},
"product_reference": "python311-urllib3-2.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3-2.0.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.aarch64"
},
"product_reference": "python39-urllib3-2.0.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3-2.0.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.ppc64le"
},
"product_reference": "python39-urllib3-2.0.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3-2.0.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.s390x"
},
"product_reference": "python39-urllib3-2.0.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3-2.0.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.x86_64"
},
"product_reference": "python39-urllib3-2.0.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45803"
}
],
"notes": [
{
"category": "general",
"text": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.x86_64",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.x86_64",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45803",
"url": "https://www.suse.com/security/cve/CVE-2023-45803"
},
{
"category": "external",
"summary": "SUSE Bug 1216377 for CVE-2023-45803",
"url": "https://bugzilla.suse.com/1216377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.x86_64",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.x86_64",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python310-urllib3-2.0.7-1.1.x86_64",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3-2.0.7-1.1.x86_64",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.aarch64",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.ppc64le",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.s390x",
"openSUSE Tumbleweed:python39-urllib3-2.0.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45803"
}
]
}
OPENSUSE-SU-2024:13344-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python310-urllib3_1-1.26.18-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python310-urllib3_1-1.26.18-1.1 on GA media
Description of the patch: These are all security issues fixed in the python310-urllib3_1-1.26.18-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13344
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.2 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-urllib3_1-1.26.18-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-urllib3_1-1.26.18-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13344",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13344-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45803 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45803/"
}
],
"title": "python310-urllib3_1-1.26.18-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13344-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-urllib3_1-1.26.18-1.1.aarch64",
"product": {
"name": "python310-urllib3_1-1.26.18-1.1.aarch64",
"product_id": "python310-urllib3_1-1.26.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-urllib3_1-1.26.18-1.1.aarch64",
"product": {
"name": "python311-urllib3_1-1.26.18-1.1.aarch64",
"product_id": "python311-urllib3_1-1.26.18-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-urllib3_1-1.26.18-1.1.aarch64",
"product": {
"name": "python39-urllib3_1-1.26.18-1.1.aarch64",
"product_id": "python39-urllib3_1-1.26.18-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-urllib3_1-1.26.18-1.1.ppc64le",
"product": {
"name": "python310-urllib3_1-1.26.18-1.1.ppc64le",
"product_id": "python310-urllib3_1-1.26.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-urllib3_1-1.26.18-1.1.ppc64le",
"product": {
"name": "python311-urllib3_1-1.26.18-1.1.ppc64le",
"product_id": "python311-urllib3_1-1.26.18-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-urllib3_1-1.26.18-1.1.ppc64le",
"product": {
"name": "python39-urllib3_1-1.26.18-1.1.ppc64le",
"product_id": "python39-urllib3_1-1.26.18-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-urllib3_1-1.26.18-1.1.s390x",
"product": {
"name": "python310-urllib3_1-1.26.18-1.1.s390x",
"product_id": "python310-urllib3_1-1.26.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-urllib3_1-1.26.18-1.1.s390x",
"product": {
"name": "python311-urllib3_1-1.26.18-1.1.s390x",
"product_id": "python311-urllib3_1-1.26.18-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-urllib3_1-1.26.18-1.1.s390x",
"product": {
"name": "python39-urllib3_1-1.26.18-1.1.s390x",
"product_id": "python39-urllib3_1-1.26.18-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-urllib3_1-1.26.18-1.1.x86_64",
"product": {
"name": "python310-urllib3_1-1.26.18-1.1.x86_64",
"product_id": "python310-urllib3_1-1.26.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-urllib3_1-1.26.18-1.1.x86_64",
"product": {
"name": "python311-urllib3_1-1.26.18-1.1.x86_64",
"product_id": "python311-urllib3_1-1.26.18-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-urllib3_1-1.26.18-1.1.x86_64",
"product": {
"name": "python39-urllib3_1-1.26.18-1.1.x86_64",
"product_id": "python39-urllib3_1-1.26.18-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-urllib3_1-1.26.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.aarch64"
},
"product_reference": "python310-urllib3_1-1.26.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-urllib3_1-1.26.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.ppc64le"
},
"product_reference": "python310-urllib3_1-1.26.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-urllib3_1-1.26.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.s390x"
},
"product_reference": "python310-urllib3_1-1.26.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-urllib3_1-1.26.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.x86_64"
},
"product_reference": "python310-urllib3_1-1.26.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3_1-1.26.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.aarch64"
},
"product_reference": "python311-urllib3_1-1.26.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3_1-1.26.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.ppc64le"
},
"product_reference": "python311-urllib3_1-1.26.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3_1-1.26.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.s390x"
},
"product_reference": "python311-urllib3_1-1.26.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-urllib3_1-1.26.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.x86_64"
},
"product_reference": "python311-urllib3_1-1.26.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3_1-1.26.18-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.aarch64"
},
"product_reference": "python39-urllib3_1-1.26.18-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3_1-1.26.18-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.ppc64le"
},
"product_reference": "python39-urllib3_1-1.26.18-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3_1-1.26.18-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.s390x"
},
"product_reference": "python39-urllib3_1-1.26.18-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3_1-1.26.18-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.x86_64"
},
"product_reference": "python39-urllib3_1-1.26.18-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45803"
}
],
"notes": [
{
"category": "general",
"text": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.x86_64",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.x86_64",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45803",
"url": "https://www.suse.com/security/cve/CVE-2023-45803"
},
{
"category": "external",
"summary": "SUSE Bug 1216377 for CVE-2023-45803",
"url": "https://bugzilla.suse.com/1216377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.x86_64",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.x86_64",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python310-urllib3_1-1.26.18-1.1.x86_64",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python311-urllib3_1-1.26.18-1.1.x86_64",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.aarch64",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.ppc64le",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.s390x",
"openSUSE Tumbleweed:python39-urllib3_1-1.26.18-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45803"
}
]
}
PYSEC-2023-212
Vulnerability from pysec - Published: 2023-10-17 20:15 - Updated: 2023-10-25 18:28
VLAI
Details
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like POST) to GET as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with redirects=False and disable automatic redirects with redirects=False and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
Severity
4.2 (Medium)
Impacted products
| Name | purl | urllib3 | pkg:pypi/urllib3 |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "urllib3",
"purl": "pkg:pypi/urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4e98d57809dacab1cbe625fddeec1a290c478ea9"
}
],
"repo": "https://github.com/urllib3/urllib3",
"type": "GIT"
},
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.7"
},
{
"introduced": "0"
},
{
"fixed": "1.26.18"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.2",
"0.3",
"0.3.1",
"0.4.0",
"0.4.1",
"1.0",
"1.0.1",
"1.0.2",
"1.1",
"1.10",
"1.10.1",
"1.10.2",
"1.10.3",
"1.10.4",
"1.11",
"1.12",
"1.13",
"1.13.1",
"1.14",
"1.15",
"1.15.1",
"1.16",
"1.17",
"1.18",
"1.18.1",
"1.19",
"1.19.1",
"1.2",
"1.2.1",
"1.2.2",
"1.20",
"1.21",
"1.21.1",
"1.22",
"1.23",
"1.24",
"1.24.1",
"1.24.2",
"1.24.3",
"1.25",
"1.25.1",
"1.25.10",
"1.25.11",
"1.25.2",
"1.25.3",
"1.25.4",
"1.25.5",
"1.25.6",
"1.25.7",
"1.25.8",
"1.25.9",
"1.26.0",
"1.26.1",
"1.26.10",
"1.26.11",
"1.26.12",
"1.26.13",
"1.26.14",
"1.26.15",
"1.26.16",
"1.26.17",
"1.26.2",
"1.26.3",
"1.26.4",
"1.26.5",
"1.26.6",
"1.26.7",
"1.26.8",
"1.26.9",
"1.3",
"1.4",
"1.5",
"1.6",
"1.7",
"1.7.1",
"1.8",
"1.8.2",
"1.8.3",
"1.9",
"1.9.1",
"2.0.0",
"2.0.1",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0.6"
]
}
],
"aliases": [
"CVE-2023-45803",
"GHSA-g4mx-q9vg-27p4"
],
"details": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn\u0027t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n",
"id": "PYSEC-2023-212",
"modified": "2023-10-25T18:28:34.811764+00:00",
"published": "2023-10-17T20:15:00+00:00",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"type": "WEB",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
},
{
"type": "FIX",
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"type": "ARTICLE",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
RHSA-2023:7851
Vulnerability from csaf_redhat - Published: 2023-12-14 16:30 - Updated: 2026-04-30 13:13Summary
Red Hat Security Advisory: Satellite 6.14.1 Async Security Update
Severity
Moderate
Notes
Topic: Updated Satellite 6.14 packages that fixes Important security bugs and several
regular bugs are now available for Red Hat Satellite.
Details: Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security fix(es):
* rubygem-actionpack: actionpack: Possible XSS via User Supplied Values to redirect_to [rhn_satellite_6.14] (CVE-2023-28362)
* foreman: World readable file containing secrets [rhn_satellite_6.14] (CVE-2023-4886)
* python-urllib3: urllib3: Request body not stripped after redirect from 303 status changes request method to GET [rhn_satellite_6-default] (CVE-2023-45803 )
* python-gitpython: GitPython: Blind local file inclusion [rhn_satellite_6-default] (CVE-2023-41040)
This update fixes the following bugs:
2250342 - REX job finished with exit code 0 but the script failed on client side due to no space.
2250343 - Selinux denials are reported after following "Chapter 13. Managing Custom File Type Content" chapter step by step
2250344 - Long running postgres threads during content-export
2250345 - Upgrade django-import-export package to at least 3.1.0
2250349 - After upstream repo switched to zst compression, Satellite 6.12.5.1 unable to sync
2250350 - Slow generate applicability for Hosts with multiple modulestreams installed
2250352 - Recalculate button for Errata is not available on Satellite 6.13/ Satellite 6.14 if no errata is present
2250351 - Actions::ForemanLeapp::PreupgradeJob fails with null value in column "preupgrade_report_id" violates not-null constraint when run with non-admin user
2251799 - REX Template for 'convert2rhel analyze' command
2254085 - Getting '/usr/sbin/foreman-rake db:migrate' returned 1 instead of one of [0] ERROR while trying to upgrade Satellite 6.13 to 6.14
2254080 - satellite-convert2rhel-toolkit rpm v1.0.0 in 6.14.z
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
6.7 (Medium)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
|
Known not affected
98 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64 | — |
Threats
Impact
Moderate
A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned location header.
4.7 (Medium)
Affected products
Fixed
2 products
Known not affected
147 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64 | — |
Threats
Impact
Moderate
A path traversal vulnerability was found in GitPython due to an input validation error when reading from the ".git" directory. This issue may allow a remote attacker to prepare a specially crafted ".git" file with directory traversal characters in file names and force the application to read these files from the local system, which can result in checking for the existence of a specific file on the system or allow a denial of service (DoS) attack.
5.1 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — |
Vendor Fix
fix
|
Known not affected
145 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64 | — |
Threats
Impact
Moderate
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.
5.9 (Medium)
Affected products
Fixed
149 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.
4.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch | — |
Vendor Fix
fix
Workaround
|
Known not affected
145 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64 | — |
Workaround
|
Threats
Impact
Moderate
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.14 packages that fixes Important security bugs and several\nregular bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\n\nSecurity fix(es):\n\n* rubygem-actionpack: actionpack: Possible XSS via User Supplied Values to redirect_to [rhn_satellite_6.14] (CVE-2023-28362)\n\n* foreman: World readable file containing secrets [rhn_satellite_6.14] (CVE-2023-4886)\n\n* python-urllib3: urllib3: Request body not stripped after redirect from 303 status changes request method to GET [rhn_satellite_6-default] (CVE-2023-45803 )\n\n* python-gitpython: GitPython: Blind local file inclusion [rhn_satellite_6-default] (CVE-2023-41040)\n\nThis update fixes the following bugs:\n\n2250342 - REX job finished with exit code 0 but the script failed on client side due to no space.\n2250343 - Selinux denials are reported after following \"Chapter 13. Managing Custom File Type Content\" chapter step by step\n2250344 - Long running postgres threads during content-export\n2250345 - Upgrade django-import-export package to at least 3.1.0\n2250349 - After upstream repo switched to zst compression, Satellite 6.12.5.1 unable to sync\n2250350 - Slow generate applicability for Hosts with multiple modulestreams installed\n2250352 - Recalculate button for Errata is not available on Satellite 6.13/ Satellite 6.14 if no errata is present\n2250351 - Actions::ForemanLeapp::PreupgradeJob fails with null value in column \"preupgrade_report_id\" violates not-null constraint when run with non-admin user\n2251799 - REX Template for \u0027convert2rhel analyze\u0027 command\n2254085 - Getting \u0027/usr/sbin/foreman-rake db:migrate\u0027 returned 1 instead of one of [0] ERROR while trying to upgrade Satellite 6.13 to 6.14 \n2254080 - satellite-convert2rhel-toolkit rpm v1.0.0 in 6.14.z\n\nUsers of Red Hat Satellite are advised to upgrade to these updated\npackages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7851",
"url": "https://access.redhat.com/errata/RHSA-2023:7851"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_red_hat_satellite_to_6.14/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_red_hat_satellite_to_6.14/index"
},
{
"category": "external",
"summary": "2217785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785"
},
{
"category": "external",
"summary": "2230135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230135"
},
{
"category": "external",
"summary": "2246840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246840"
},
{
"category": "external",
"summary": "2247040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247040"
},
{
"category": "external",
"summary": "2250342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250342"
},
{
"category": "external",
"summary": "2250343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250343"
},
{
"category": "external",
"summary": "2250344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250344"
},
{
"category": "external",
"summary": "2250345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250345"
},
{
"category": "external",
"summary": "2250349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250349"
},
{
"category": "external",
"summary": "2250350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250350"
},
{
"category": "external",
"summary": "2250351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250351"
},
{
"category": "external",
"summary": "2250352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250352"
},
{
"category": "external",
"summary": "2251799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251799"
},
{
"category": "external",
"summary": "2254080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254080"
},
{
"category": "external",
"summary": "2254085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254085"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7851.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.14.1 Async Security Update",
"tracking": {
"current_release_date": "2026-04-30T13:13:48+00:00",
"generator": {
"date": "2026-04-30T13:13:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:7851",
"initial_release_date": "2023-12-14T16:30:08+00:00",
"revision_history": [
{
"date": "2023-12-14T16:30:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-14T16:30:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:13:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.14::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "createrepo_c-0:1.0.2-2.el8pc.src",
"product": {
"name": "createrepo_c-0:1.0.2-2.el8pc.src",
"product_id": "createrepo_c-0:1.0.2-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c@1.0.2-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.7.0.10-1.el8sat.src",
"product": {
"name": "foreman-0:3.7.0.10-1.el8sat.src",
"product_id": "foreman-0:3.7.0.10-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.7.0.10-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.7.0.5-1.el8sat.src",
"product": {
"name": "foreman-installer-1:3.7.0.5-1.el8sat.src",
"product_id": "foreman-installer-1:3.7.0.5-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.7.0.5-1.el8sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-django-import-export-0:3.1.0-1.el8pc.src",
"product": {
"name": "python-django-import-export-0:3.1.0-1.el8pc.src",
"product_id": "python-django-import-export-0:3.1.0-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django-import-export@3.1.0-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-gitpython-0:3.1.40-0.1.el8pc.src",
"product": {
"name": "python-gitpython-0:3.1.40-0.1.el8pc.src",
"product_id": "python-gitpython-0:3.1.40-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-gitpython@3.1.40-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.22.19-1.el8pc.src",
"product": {
"name": "python-pulpcore-0:3.22.19-1.el8pc.src",
"product_id": "python-pulpcore-0:3.22.19-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.22.19-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp-rpm-0:3.19.11-2.el8pc.src",
"product": {
"name": "python-pulp-rpm-0:3.19.11-2.el8pc.src",
"product_id": "python-pulp-rpm-0:3.19.11-2.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp-rpm@3.19.11-2.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-urllib3-0:1.26.18-0.1.el8pc.src",
"product": {
"name": "python-urllib3-0:1.26.18-0.1.el8pc.src",
"product_id": "python-urllib3-0:1.26.18-0.1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-urllib3@1.26.18-0.1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actioncable@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionmailbox@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionmailer@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionpack@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actiontext@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionview@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activejob@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activerecord@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activestorage@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rails-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-rails-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-rails-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rails@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-railties-0:6.1.7.4-1.el8sat.src",
"product": {
"name": "rubygem-railties-0:6.1.7.4-1.el8sat.src",
"product_id": "rubygem-railties-0:6.1.7.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-railties@6.1.7.4-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"product": {
"name": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"product_id": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-smart_proxy_remote_execution_ssh@0.10.2-2.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.1-1.el8sat.src",
"product": {
"name": "satellite-0:6.14.1-1.el8sat.src",
"product_id": "satellite-0:6.14.1-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.1-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"product": {
"name": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"product_id": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_remote_execution@10.1.2-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.18-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.9.0.18-1.el8sat.src",
"product_id": "rubygem-katello-0:4.9.0.18-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.18-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "pulpcore-selinux-0:2.0.0-1.el8pc.src",
"product": {
"name": "pulpcore-selinux-0:2.0.0-1.el8pc.src",
"product_id": "pulpcore-selinux-0:2.0.0-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@2.0.0-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"product": {
"name": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"product_id": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_leapp@1.1.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"product": {
"name": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"product_id": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-convert2rhel-toolkit@1.0.0-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product_id": "createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"product_id": "createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c-libs@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product_id": "python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-createrepo_c@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product_id": "python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-createrepo_c@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"product_id": "createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c-debugsource@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product_id": "createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c-debuginfo@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product_id": "createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/createrepo_c-libs-debuginfo@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product_id": "python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-createrepo_c-debuginfo@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product": {
"name": "python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product_id": "python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-createrepo_c-debuginfo@1.0.2-2.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"product": {
"name": "pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"product_id": "pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@2.0.0-1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64",
"product": {
"name": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64",
"product_id": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-convert2rhel-toolkit@1.0.0-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-service-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.7.0.10-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"product": {
"name": "foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"product_id": "foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.7.0.5-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"product": {
"name": "foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"product_id": "foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer-katello@3.7.0.5-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"product": {
"name": "python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"product_id": "python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-django-import-export@3.1.0-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"product": {
"name": "python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"product_id": "python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-gitpython@3.1.40-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"product": {
"name": "python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"product_id": "python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulpcore@3.22.19-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"product": {
"name": "python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"product_id": "python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulp-rpm@3.19.11-2.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"product": {
"name": "python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"product_id": "python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-urllib3@1.26.18-0.1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actioncable@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionmailbox@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionmailer@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionpack@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actiontext@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-actionview@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activejob@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activerecord@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activestorage@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rails@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"product": {
"name": "rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"product_id": "rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-railties@6.1.7.4-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"product": {
"name": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"product_id": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-smart_proxy_remote_execution_ssh@0.10.2-2.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.14.1-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.14.1-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.14.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.14.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.14.1-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.14.1-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.14.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.14.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.14.1-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.14.1-1.el8sat.noarch",
"product_id": "satellite-common-0:6.14.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.14.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.14.1-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.14.1-1.el8sat.noarch",
"product_id": "satellite-0:6.14.1-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.14.1-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"product_id": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_remote_execution@10.1.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"product_id": "rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_remote_execution-cockpit@10.1.2-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.9.0.18-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"product_id": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_leapp@1.1.0-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-0:1.0.2-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src"
},
"product_reference": "createrepo_c-0:1.0.2-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.10-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.10-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.5-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.5-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.7.0.5-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:2.0.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src"
},
"product_reference": "pulpcore-selinux-0:2.0.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64"
},
"product_reference": "pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-import-export-0:3.1.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src"
},
"product_reference": "python-django-import-export-0:3.1.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gitpython-0:3.1.40-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src"
},
"product_reference": "python-gitpython-0:3.1.40-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.19.11-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.19.11-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.22.19-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.22.19-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-0:1.26.18-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src"
},
"product_reference": "python-urllib3-0:1.26.18-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-import-export-0:3.1.0-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch"
},
"product_reference": "python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-gitpython-0:3.1.40-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch"
},
"product_reference": "python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.19.11-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.22.19-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3-0:1.26.18-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch"
},
"product_reference": "python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch"
},
"product_reference": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src"
},
"product_reference": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.10-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.10-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-0:1.0.2-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src"
},
"product_reference": "createrepo_c-0:1.0.2-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-libs-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.7.0.10-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src"
},
"product_reference": "foreman-0:3.7.0.10-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.5-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.7.0.5-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.7.0.5-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:2.0.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src"
},
"product_reference": "pulpcore-selinux-0:2.0.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:2.0.0-1.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64"
},
"product_reference": "pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-import-export-0:3.1.0-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src"
},
"product_reference": "python-django-import-export-0:3.1.0-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gitpython-0:3.1.40-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src"
},
"product_reference": "python-gitpython-0:3.1.40-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp-rpm-0:3.19.11-2.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src"
},
"product_reference": "python-pulp-rpm-0:3.19.11-2.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.22.19-1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.22.19-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-0:1.26.18-0.1.el8pc.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src"
},
"product_reference": "python-urllib3-0:1.26.18-0.1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-createrepo_c-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-createrepo_c-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64"
},
"product_reference": "python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-import-export-0:3.1.0-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch"
},
"product_reference": "python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-gitpython-0:3.1.40-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch"
},
"product_reference": "python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulp-rpm-0:3.19.11-2.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch"
},
"product_reference": "python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.22.19-1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-urllib3-0:1.26.18-0.1.el8pc.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch"
},
"product_reference": "python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actioncable-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionpack-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actiontext-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionview-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-actionview-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activejob-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activejob-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activerecord-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activestorage-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src"
},
"product_reference": "rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src"
},
"product_reference": "rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.18-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.9.0.18-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.9.0.18-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rails-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rails-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-rails-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-railties-0:6.1.7.4-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch"
},
"product_reference": "rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-railties-0:6.1.7.4-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src"
},
"product_reference": "rubygem-railties-0:6.1.7.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch"
},
"product_reference": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src"
},
"product_reference": "rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.14.1-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src"
},
"product_reference": "satellite-0:6.14.1-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.14.1-1.el8sat.noarch as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.14.1-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src"
},
"product_reference": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64 as a component of Red Hat Satellite 6.14 for RHEL 8",
"product_id": "8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
},
"product_reference": "satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4886",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-08-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2230135"
}
],
"notes": [
{
"category": "description",
"text": "A sensitive information exposure vulnerability was found in foreman. Contents of tomcat\u0027s server.xml file, which contain passwords to candlepin\u0027s keystore and truststore, were found to be world readable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman: World readable file containing secrets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has a limited impact on security, as candlepin\u0027s individual stores\u0027 privileges are limited to root and tomcat only. Therefore, the impact is limited to highly privileged users.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-4886"
},
{
"category": "external",
"summary": "RHBZ#2230135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230135"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-4886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4886"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4886",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4886"
}
],
"release_date": "2023-10-03T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-14T16:30:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7851"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "foreman: World readable file containing secrets"
},
{
"cve": "CVE-2023-28362",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2217785"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned location header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "actionpack: Possible XSS via User Supplied Values to redirect_to",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28362"
},
{
"category": "external",
"summary": "RHBZ#2217785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28362",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28362"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362"
},
{
"category": "external",
"summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml"
}
],
"release_date": "2023-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-14T16:30:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7851"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "actionpack: Possible XSS via User Supplied Values to redirect_to"
},
{
"cve": "CVE-2023-41040",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2023-10-30T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2247040"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability was found in GitPython due to an input validation error when reading from the \".git\" directory. This issue may allow a remote attacker to prepare a specially crafted \".git\" file with directory traversal characters in file names and force the application to read these files from the local system, which can result in checking for the existence of a specific file on the system or allow a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GitPython: Blind local file inclusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability cannot be used to read the contents of files but could be used to trigger a denial of service for the program.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41040"
},
{
"category": "external",
"summary": "RHBZ#2247040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247040"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41040",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41040"
},
{
"category": "external",
"summary": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c",
"url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c"
}
],
"release_date": "2023-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-14T16:30:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7851"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "GitPython: Blind local file inclusion"
},
{
"cve": "CVE-2023-43804",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn\u0027t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn\u0027t disable redirects explicitly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: Cookie request header isn\u0027t stripped during cross-origin redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-43804"
},
{
"category": "external",
"summary": "RHBZ#2242493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804"
}
],
"release_date": "2023-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-14T16:30:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7851"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: Cookie request header isn\u0027t stripped during cross-origin redirects"
},
{
"cve": "CVE-2023-45803",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-10-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246840"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn\u0027t exploitable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: Request body not stripped after redirect from 303 status changes request method to GET",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Both of the following conditions must be true to be affected by this vulnerability: \n1. Using urllib3 and submitting sensitive information in the HTTP request body such as form data or JSON\n2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45803"
},
{
"category": "external",
"summary": "RHBZ#2246840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246840"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9",
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-14T16:30:08+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7851"
},
{
"category": "workaround",
"details": "Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False`, disable automatic redirects with `redirects=False`, and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
"product_ids": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14-capsule:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14-capsule:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14-capsule:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14-capsule:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14-capsule:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14-capsule:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14-capsule:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14-capsule:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-capsule:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-capsule:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14-utils:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14-utils:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14-utils:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.src",
"8Base-satellite-6.14:createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-debugsource-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:createrepo_c-libs-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-0:3.7.0.10-1.el8sat.src",
"8Base-satellite-6.14:foreman-cli-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-debug-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-dynflow-sidekiq-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ec2-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-installer-1:3.7.0.5-1.el8sat.src",
"8Base-satellite-6.14:foreman-installer-katello-1:3.7.0.5-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-journald-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-libvirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-openstack-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-ovirt-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-postgresql-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-redis-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-service-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-telemetry-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:foreman-vmware-0:3.7.0.10-1.el8sat.noarch",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.src",
"8Base-satellite-6.14:pulpcore-selinux-0:2.0.0-1.el8pc.x86_64",
"8Base-satellite-6.14:python-django-import-export-0:3.1.0-1.el8pc.src",
"8Base-satellite-6.14:python-gitpython-0:3.1.40-0.1.el8pc.src",
"8Base-satellite-6.14:python-pulp-rpm-0:3.19.11-2.el8pc.src",
"8Base-satellite-6.14:python-pulpcore-0:3.22.19-1.el8pc.src",
"8Base-satellite-6.14:python-urllib3-0:1.26.18-0.1.el8pc.src",
"8Base-satellite-6.14:python3-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python3-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-createrepo_c-debuginfo-0:1.0.2-2.el8pc.x86_64",
"8Base-satellite-6.14:python39-django-import-export-0:3.1.0-1.el8pc.noarch",
"8Base-satellite-6.14:python39-gitpython-0:3.1.40-0.1.el8pc.noarch",
"8Base-satellite-6.14:python39-pulp-rpm-0:3.19.11-2.el8pc.noarch",
"8Base-satellite-6.14:python39-pulpcore-0:3.22.19-1.el8pc.noarch",
"8Base-satellite-6.14:python39-urllib3-0:1.26.18-0.1.el8pc.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actioncable-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailbox-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionmailer-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionpack-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actiontext-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-actionview-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activejob-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activemodel-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activerecord-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activestorage-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-activesupport-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_leapp-0:1.1.0-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-0:10.1.2-1.el8sat.src",
"8Base-satellite-6.14:rubygem-foreman_remote_execution-cockpit-0:10.1.2-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-katello-0:4.9.0.18-1.el8sat.src",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-rails-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.noarch",
"8Base-satellite-6.14:rubygem-railties-0:6.1.7.4-1.el8sat.src",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.noarch",
"8Base-satellite-6.14:rubygem-smart_proxy_remote_execution_ssh-0:0.10.2-2.el8sat.src",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-0:6.14.1-1.el8sat.src",
"8Base-satellite-6.14:satellite-capsule-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-cli-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-common-0:6.14.1-1.el8sat.noarch",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.src",
"8Base-satellite-6.14:satellite-convert2rhel-toolkit-0:1.0.0-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: Request body not stripped after redirect from 303 status changes request method to GET"
}
]
}
RHSA-2024:0116
Vulnerability from csaf_redhat - Published: 2024-01-10 10:50 - Updated: 2026-04-30 13:13Summary
Red Hat Security Advisory: python-urllib3 security update
Severity
Moderate
Notes
Topic: An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.
Security Fix(es):
* python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)
* urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.
5.9 (Medium)
Affected products
Threats
Impact
Moderate
A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.
4.2 (Medium)
Affected products
Threats
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-urllib3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.\n\nSecurity Fix(es):\n\n* python-urllib3: Cookie request header isn\u0027t stripped during cross-origin redirects (CVE-2023-43804)\n\n* urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0116",
"url": "https://access.redhat.com/errata/RHSA-2024:0116"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2242493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242493"
},
{
"category": "external",
"summary": "2246840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246840"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0116.json"
}
],
"title": "Red Hat Security Advisory: python-urllib3 security update",
"tracking": {
"current_release_date": "2026-04-30T13:13:39+00:00",
"generator": {
"date": "2026-04-30T13:13:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:0116",
"initial_release_date": "2024-01-10T10:50:46+00:00",
"revision_history": [
{
"date": "2024-01-10T10:50:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-10T10:50:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:13:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-urllib3-0:1.24.2-5.el8_9.2.src",
"product": {
"name": "python-urllib3-0:1.24.2-5.el8_9.2.src",
"product_id": "python-urllib3-0:1.24.2-5.el8_9.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-urllib3@1.24.2-5.el8_9.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-urllib3-0:1.24.2-5.el8_9.2.noarch",
"product": {
"name": "python3-urllib3-0:1.24.2-5.el8_9.2.noarch",
"product_id": "python3-urllib3-0:1.24.2-5.el8_9.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-urllib3@1.24.2-5.el8_9.2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-urllib3-0:1.24.2-5.el8_9.2.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src"
},
"product_reference": "python-urllib3-0:1.24.2-5.el8_9.2.src",
"relates_to_product_reference": "BaseOS-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-urllib3-0:1.24.2-5.el8_9.2.noarch as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
},
"product_reference": "python3-urllib3-0:1.24.2-5.el8_9.2.noarch",
"relates_to_product_reference": "BaseOS-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-43804",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-10-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn\u0027t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn\u0027t disable redirects explicitly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-urllib3: Cookie request header isn\u0027t stripped during cross-origin redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src",
"BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-43804"
},
{
"category": "external",
"summary": "RHBZ#2242493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43804"
}
],
"release_date": "2023-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T10:50:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src",
"BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0116"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src",
"BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src",
"BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-urllib3: Cookie request header isn\u0027t stripped during cross-origin redirects"
},
{
"cve": "CVE-2023-45803",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-10-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2246840"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn\u0027t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren\u0027t putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn\u0027t exploitable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: Request body not stripped after redirect from 303 status changes request method to GET",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Both of the following conditions must be true to be affected by this vulnerability: \n1. Using urllib3 and submitting sensitive information in the HTTP request body such as form data or JSON\n2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src",
"BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45803"
},
{
"category": "external",
"summary": "RHBZ#2246840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2246840"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9",
"url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get"
}
],
"release_date": "2023-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-10T10:50:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src",
"BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0116"
},
{
"category": "workaround",
"details": "Users unable to update should disable redirects for services that aren\u0027t expecting to respond with redirects with `redirects=False`, disable automatic redirects with `redirects=False`, and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
"product_ids": [
"BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src",
"BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"BaseOS-8.9.0.Z.MAIN:python-urllib3-0:1.24.2-5.el8_9.2.src",
"BaseOS-8.9.0.Z.MAIN:python3-urllib3-0:1.24.2-5.el8_9.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: Request body not stripped after redirect from 303 status changes request method to GET"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…