Vulnerability-Lookup

CVE-2023-4639 (GCVE-0-2023-4639)

Vulnerability from cvelistv5 – Published: 2024-11-17 10:21 – Updated: 2025-02-07 17:02

Title

Undertow: cookie smuggling/spoofing

Summary

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Assigner

redhat

References

9 references

URL	Tags
https://access.redhat.com/errata/RHSA-2024:1674	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1675	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1676	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1677	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2763	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2764	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:3919	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-4639	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2166022	issue-trackingx_refsource_REDHAT

Impacted products

27 products

Vendor	Product	Version
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-23 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-15 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-16 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-14 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.2.30-1.SP1_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.2.30-1.SP1_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.2.30-1.SP1_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.11-1.SP1_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.11-1.SP1_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Migration Toolkit for Applications 6	cpe:/a:redhat:migration_toolkit_applications:6
Red Hat	Red Hat build of Apache Camel for Spring Boot 3	cpe:/a:redhat:camel_spring_boot:3
Red Hat	Red Hat build of Apicurio Registry	cpe:/a:redhat:service_registry:2
Red Hat	Red Hat build of Quarkus	cpe:/a:redhat:quarkus:2
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Decision Manager 7	cpe:/a:redhat:jboss_enterprise_brms_platform:7
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat Integration Camel K	cpe:/a:redhat:integration:1
Red Hat	Red Hat Integration Camel Quarkus	cpe:/a:redhat:camel_quarkus:2
Red Hat	Red Hat Integration Change Data Capture	cpe:/a:redhat:integration:1
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform 6	cpe:/a:redhat:jboss_enterprise_application_platform:6
Red Hat	Red Hat JBoss Fuse 6	cpe:/a:redhat:jboss_fuse:6
Red Hat	Red Hat JBoss Fuse Service Works 6	cpe:/a:redhat:jboss_fuse_service_works:6
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Date Public

2024-02-08 00:00

Credits

Red Hat would like to thank Ankur Sundara for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4639",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-17T16:17:32.886591Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-17T16:17:46.027Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-07T17:02:40.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250207-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-operator-bundle",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-23",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-rhel8-operator",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-web-container-rhel8",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-web-executor-container-rhel8",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.30-1.SP1_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.30-1.SP1_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.30-1.SP1_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.11-1.SP1_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.11-1.SP1_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_applications:6"
          ],
          "defaultStatus": "affected",
          "packageName": "org.keycloak-keycloak-parent",
          "product": "Migration Toolkit for Applications 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_spring_boot:3"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel for Spring Boot 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_registry:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat build of Apicurio Registry",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:2"
          ],
          "defaultStatus": "unknown",
          "packageName": "io.quarkus/quarkus-undertow",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Decision Manager 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:integration:1"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat Integration Camel K",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_quarkus:2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat Integration Camel Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:integration:1"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Integration Change Data Capture",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat JBoss Fuse 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse_service_works:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat JBoss Fuse Service Works 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ankur Sundara for reporting this issue."
        }
      ],
      "datePublic": "2024-02-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-17T10:21:44.539Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1674",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1674"
        },
        {
          "name": "RHSA-2024:1675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1675"
        },
        {
          "name": "RHSA-2024:1676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1676"
        },
        {
          "name": "RHSA-2024:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1677"
        },
        {
          "name": "RHSA-2024:2763",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2763"
        },
        {
          "name": "RHSA-2024:2764",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2764"
        },
        {
          "name": "RHSA-2024:3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3919"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-4639"
        },
        {
          "name": "RHBZ#2166022",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-01-28T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-02-08T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Undertow: cookie smuggling/spoofing",
      "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-4639",
    "datePublished": "2024-11-17T10:21:44.539Z",
    "dateReserved": "2023-08-30T14:52:04.007Z",
    "dateUpdated": "2025-02-07T17:02:40.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-4639",
      "date": "2026-05-29",
      "epss": "0.0736",
      "percentile": "0.91823"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4639\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-11-17T11:15:05.840\",\"lastModified\":\"2025-02-07T17:15:29.713\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en Undertow que analiza incorrectamente las cookies con ciertos caracteres que delimitan valores en las solicitudes entrantes. Este problema podr\u00eda permitir que un atacante construya un valor de cookie para extraer valores de cookies HttpOnly o falsificar valores de cookies adicionales arbitrarios, lo que lleva a un acceso o modificaci\u00f3n de datos no autorizados. La principal amenaza de esta falla afecta la confidencialidad e integridad de los datos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1674\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1675\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1676\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1677\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2763\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:2764\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:3919\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-4639\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2166022\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250207-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250207-0001/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-02-07T17:02:40.205Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4639\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-17T16:17:32.886591Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-17T16:17:40.737Z\"}}], \"cna\": {\"title\": \"Undertow: cookie smuggling/spoofing\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Ankur Sundara for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Runtimes 1 on RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.2-23\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"mtr/mtr-operator-bundle\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Runtimes 1 on RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.2-15\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"mtr/mtr-rhel8-operator\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Runtimes 1 on RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.2-16\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"mtr/mtr-web-container-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Runtimes 1 on RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"1.2-14\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"mtr/mtr-web-executor-container-rhel8\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el8eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el9eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.2.30-1.SP1_redhat_00001.1.el7eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap7-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8\", \"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.3.11-1.SP1_redhat_00001.1.el8eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap8-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8\", \"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.3.11-1.SP1_redhat_00001.1.el9eap\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"eap8-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:6\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 6\", \"packageName\": \"org.keycloak-keycloak-parent\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:camel_spring_boot:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apache Camel for Spring Boot 3\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_registry:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apicurio Registry\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:quarkus:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Quarkus\", \"packageName\": \"io.quarkus/quarkus-undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_data_grid:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Data Grid 8\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_brms_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Decision Manager 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Fuse 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:integration:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Integration Camel K\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:camel_quarkus:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Integration Camel Quarkus\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:integration:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Integration Change Data Capture\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_data_grid:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Data Grid 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 6\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Fuse 6\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse_service_works:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Fuse Service Works 6\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Process Automation 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_single_sign_on:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Single Sign-On 7\", \"packageName\": \"undertow\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-01-28T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-02-08T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-02-08T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:1674\", \"name\": \"RHSA-2024:1674\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1675\", \"name\": \"RHSA-2024:1675\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1676\", \"name\": \"RHSA-2024:1676\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1677\", \"name\": \"RHSA-2024:1677\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2763\", \"name\": \"RHSA-2024:2763\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:2764\", \"name\": \"RHSA-2024:2764\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:3919\", \"name\": \"RHSA-2024:3919\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-4639\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2166022\", \"name\": \"RHBZ#2166022\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2024-11-17T10:21:44.539Z\"}, \"x_redhatCweChain\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4639\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-07T17:02:40.205Z\", \"dateReserved\": \"2023-08-30T14:52:04.007Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-11-17T10:21:44.539Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

RHSA-2024:3919

Vulnerability from csaf_redhat - Published: 2024-06-13 11:37 - Updated: 2026-05-16 23:26

Summary

Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Severity

Important

Notes

Topic: Migration Toolkit for Runtimes 1.2.6 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Migration Toolkit for Runtimes 1.2.6 Images Security Fix(es): * undertow: Cookie Smuggling/Spoofing (CVE-2023-4639) * jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479) * css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364) * css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631) * keycloak: path transversal in redirection validation (CVE-2024-1132) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-4639

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 15 products

Product	Version	Remediation
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26364

A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Fixed 15 products

Product	Version	Remediation
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-36479

A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-149 - Improper Neutralization of Quoting Syntax

Affected products

Fixed 15 products

Product	Version	Remediation
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-48631

A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe's css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 15 products

Product	Version	Remediation
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 15 products

Product	Version	Remediation
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

30 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:3919	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2166022	external
https://bugzilla.redhat.com/show_bug.cgi?id=2239630	external
https://bugzilla.redhat.com/show_bug.cgi?id=2250364	external
https://bugzilla.redhat.com/show_bug.cgi?id=2254559	external
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-4639	self
https://bugzilla.redhat.com/show_bug.cgi?id=2166022	external
https://www.cve.org/CVERecord?id=CVE-2023-4639	external
https://nvd.nist.gov/vuln/detail/CVE-2023-4639	external
https://access.redhat.com/security/cve/CVE-2023-26364	self
https://bugzilla.redhat.com/show_bug.cgi?id=2250364	external
https://www.cve.org/CVERecord?id=CVE-2023-26364	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26364	external
https://github.com/adobe/css-tools/security/advis…	external
https://access.redhat.com/security/cve/CVE-2023-36479	self
https://bugzilla.redhat.com/show_bug.cgi?id=2239630	external
https://www.cve.org/CVERecord?id=CVE-2023-36479	external
https://nvd.nist.gov/vuln/detail/CVE-2023-36479	external
https://access.redhat.com/security/cve/CVE-2023-48631	self
https://bugzilla.redhat.com/show_bug.cgi?id=2254559	external
https://www.cve.org/CVERecord?id=CVE-2023-48631	external
https://nvd.nist.gov/vuln/detail/CVE-2023-48631	external
https://github.com/adobe/css-tools/security/advis…	external
https://access.redhat.com/security/cve/CVE-2024-1132	self
https://bugzilla.redhat.com/show_bug.cgi?id=2262117	external
https://www.cve.org/CVERecord?id=CVE-2024-1132	external
https://nvd.nist.gov/vuln/detail/CVE-2024-1132	external

Acknowledgments

Ankur Sundara

Axel Flamcourt

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Runtimes 1.2.6 release\nRed Hat Product Security has rated this update as having a security impact of Important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Runtimes 1.2.6 Images\n\nSecurity Fix(es):\n\n* undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)\n* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)\n* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)\n* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)\n* keycloak: path transversal in redirection validation (CVE-2024-1132)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:3919",
        "url": "https://access.redhat.com/errata/RHSA-2024:3919"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2166022",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
      },
      {
        "category": "external",
        "summary": "2239630",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
      },
      {
        "category": "external",
        "summary": "2250364",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
      },
      {
        "category": "external",
        "summary": "2254559",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
      },
      {
        "category": "external",
        "summary": "2262117",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3919.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-16T23:26:26+00:00",
      "generator": {
        "date": "2026-05-16T23:26:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2024:3919",
      "initial_release_date": "2024-06-13T11:37:27+00:00",
      "revision_history": [
        {
          "date": "2024-06-13T11:37:27+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-06-13T11:37:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-16T23:26:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                "product": {
                  "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_id": "8Base-MTR-1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Runtimes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
                  "product_id": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
                  "product_id": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
                  "product_id": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
                  "product_id": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-23"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-14"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Ankur Sundara"
          ]
        }
      ],
      "cve": "CVE-2023-4639",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2023-01-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2166022"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: Cookie Smuggling/Spoofing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-4639"
        },
        {
          "category": "external",
          "summary": "RHBZ#2166022",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166022"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4639"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4639"
        }
      ],
      "release_date": "2024-02-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:37:27+00:00",
          "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3919"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: Cookie Smuggling/Spoofing"
    },
    {
      "cve": "CVE-2023-26364",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2023-11-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2250364"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Adobe CSS Tools. An improper input validation could result in a minor denial of service while parsing a malicious CSS with the parse component. User interaction and privileges are not required to jeopardize an environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "RHBZ#2250364",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250364"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26364"
        },
        {
          "category": "external",
          "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg",
          "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-hpx4-r86g-5jrg"
        }
      ],
      "release_date": "2023-11-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:37:27+00:00",
          "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3919"
        },
        {
          "category": "workaround",
          "details": "No mitigation is yet available for this vulnerability.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "css-tools: Improper Input Validation causes Denial of Service via Regular Expression"
    },
    {
      "cve": "CVE-2023-36479",
      "cwe": {
        "id": "CWE-149",
        "name": "Improper Neutralization of Quoting Syntax"
      },
      "discovery_date": "2023-09-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2239630"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jetty\u0027s CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Improper addition of quotation marks to user inputs in CgiServlet",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-36479"
        },
        {
          "category": "external",
          "summary": "RHBZ#2239630",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239630"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-36479",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
        }
      ],
      "release_date": "2023-09-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:37:27+00:00",
          "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3919"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jetty: Improper addition of quotation marks to user inputs in CgiServlet"
    },
    {
      "cve": "CVE-2023-48631",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2254559"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in Adobe\u0027s css-tools when parsing CSS. This issue occurs due to improper input validation and may allow an attacker to use a carefully crafted input string to cause a denial of service, especially when attempting to parse CSS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "css-tools: regular expression denial of service (ReDoS) when parsing CSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Regular Expression Denial of Service (ReDoS) vulnerability in css-tools, triggered by improper input validation when parsing CSS, is considered of moderate severity. While it can lead to a denial of service by causing the application to become unresponsive, the impact is limited to scenarios where an attacker can provide crafted input. Additionally, the absence of evidence of active exploitation in the wild and contextual factors, such as the software\u0027s usage, contribute to the moderate severity rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "RHBZ#2254559",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254559"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48631",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48631"
        },
        {
          "category": "external",
          "summary": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2",
          "url": "https://github.com/adobe/css-tools/security/advisories/GHSA-prr3-c3m5-p7q2"
        }
      ],
      "release_date": "2023-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:37:27+00:00",
          "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3919"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "css-tools: regular expression denial of service (ReDoS) when parsing CSS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Axel Flamcourt"
          ]
        }
      ],
      "cve": "CVE-2024-1132",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2024-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2262117"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: path transversal in redirection validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not impacted as this CVE affects the server-side Keycloak execution, but Quarkus only acts as a Keycloak client in its quarkus-keycloak-authorization extension. For this reason, Quarkus is marked as having a Low impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "RHBZ#2262117",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1132",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-1132"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1132"
        }
      ],
      "release_date": "2024-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-13T11:37:27+00:00",
          "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:3919"
        },
        {
          "category": "workaround",
          "details": "No current mitigation is available for this vulnerability.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:2c132bd429d741bcb1a36895f65dadc37450c647fc0861136710727bb69bc5d1_amd64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:90d510486ed7e458b1eb16b5daf395c1b34bd6ddfb3333f41cb20bbc898ad36d_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:cde45cc88b03ad57956677aa2191fcf114c0cf4986ddded7ac4f4f0aa65c5c83_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:edde2c2b6191bf2b882e4ce5c97c1703dc42c2141af4476126e11f817910be0c_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:0f129deb43182cb4979c40abaa5f7976531f054ef9c3ad03ebee710507744dd9_arm64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8169013d1c2cac270421288b83d0f3537bcd5d1bafedb408e24ce85316a5c4c0_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:bc37d362d2ff0bad08e34aef2692e7af7b2529285822fe6262f66f1c885a56a4_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c7e15b0a37ac68d66e56e98c447d5166ed4dcd26a015fc85429698327b9a8ecf_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7788242640825875824a2f9565288b8284e560415c595b1503d116990018a44e_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:7899a343fec790b2cdc475983f4bcb2afa5025b7a87e0752d68895b75b3c43ff_s390x",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:8aa060cb2b0fe2409fa8aa0030bd1841035d5e29c39fb699b68719109141f4bb_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:18ff92e2ec54ff45c233749f66a98f17dfcca533eda934f30c33d42aa3e8b46b_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:94b5ea42b3f8d462a5c4e67f73ff2981c3a5616c69d92a266d5dd2cc0f84cc77_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b68eadce9000dd5d4bf452dccf0c6ef795aacbd47cd57a2b7bde78eb38695506_amd64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:dabf02f1c9d0d15959a7e49ba34d45e0399849207f0ce0ddead80ae44b06a608_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: path transversal in redirection validation"
    }
  ]
}

WID-SEC-W-2024-1084

Vulnerability from csaf_certbund - Published: 2024-05-09 22:00 - Updated: 2025-06-24 22:00

Summary

Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.

Angriff: Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux

CVE-2023-1973

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat JBoss Enterprise Application Platform <8.0 Red Hat / JBoss Enterprise Application Platform		<8.0

CVE-2023-4639

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat JBoss Enterprise Application Platform <8.0 Red Hat / JBoss Enterprise Application Platform		<8.0

CVE-2024-1459

Affected products

Known affected 3 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat JBoss Enterprise Application Platform <8.0 Red Hat / JBoss Enterprise Application Platform		<8.0

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2024:2763	external
https://access.redhat.com/errata/RHSA-2024:2764	external
https://access.redhat.com/errata/RHSA-2024:3919	external
https://access.redhat.com/errata/RHSA-2025:9583	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Enterprise Application Platform ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1084 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1084.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1084 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1084"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2763 vom 2024-05-09",
        "url": "https://access.redhat.com/errata/RHSA-2024:2763"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2764 vom 2024-05-09",
        "url": "https://access.redhat.com/errata/RHSA-2024:2764"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory",
        "url": "https://access.redhat.com/errata/RHSA-2024:3919"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:9583 vom 2025-06-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:9583"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat JBoss Enterprise Application Platform: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-24T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-25T11:36:08.854+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-1084",
      "initial_release_date": "2024-05-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-13T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-24T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "T035142",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.0",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform \u003c8.0",
                  "product_id": "T034675"
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 8.0",
                  "product_id": "T034675-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-1973",
      "product_status": {
        "known_affected": [
          "67646",
          "T035142",
          "T034675"
        ]
      },
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2023-1973"
    },
    {
      "cve": "CVE-2023-4639",
      "product_status": {
        "known_affected": [
          "67646",
          "T035142",
          "T034675"
        ]
      },
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2023-4639"
    },
    {
      "cve": "CVE-2024-1459",
      "product_status": {
        "known_affected": [
          "67646",
          "T035142",
          "T034675"
        ]
      },
      "release_date": "2024-05-09T22:00:00.000+00:00",
      "title": "CVE-2024-1459"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-4639 (GCVE-0-2023-4639)

RHSA-2024:3919

WID-SEC-W-2024-1084

Tags

Sightings

Nomenclature