CVE-2024-28180 (GCVE-0-2024-28180)
Vulnerability from cvelistv5 – Published: 2024-03-09 00:54 – Updated: 2025-02-13 17:47
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
| Vendor | Product | Version | |
|---|---|---|---|
| go-jose | go-jose | Affected: < 4.0.1; Affected: < 3.0.3; Affected: < 2.6.3 | |
| go-jose_project | go-jose | Affected: 0 , < 4.0.1 (custom); Affected: 0 , < 3.0.3 (custom); Affected: 0 , < 2.6.3 (custom); cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:* | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
},
{
"name": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298"
},
{
"name": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a"
},
{
"name": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "go-jose",
"vendor": "go-jose_project",
"versions": [
{
"lessThan": "4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T15:08:38.886435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:51:52.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-jose",
"vendor": "go-jose",
"versions": [
{
"status": "affected",
"version": "\u003c 4.0.1"
},
{
"status": "affected",
"version": "\u003c 3.0.3"
},
{
"status": "affected",
"version": "\u003c 2.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T02:06:02.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
},
{
"name": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298"
},
{
"name": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a"
},
{
"name": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/"
}
],
"source": {
"advisory": "GHSA-c5q2-7r4c-mv6g",
"discovery": "UNKNOWN"
},
"title": "Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28180",
"datePublished": "2024-03-09T00:54:46.382Z",
"dateReserved": "2024-03-06T17:35:00.857Z",
"dateUpdated": "2025-02-13T17:47:27.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-28180",
"date": "2026-06-30",
"epss": "0.01956",
"percentile": "0.77784"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-28180\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-03-09T01:15:07.340\",\"lastModified\":\"2026-06-17T07:21:09.183\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.\"},{\"lang\":\"es\",\"value\":\"El paquete jose tiene como objetivo proporcionar una implementaci\u00f3n del conjunto de est\u00e1ndares de cifrado y firma de objetos Javascript. Un atacante podr\u00eda enviar un JWE que contenga datos comprimidos que utilicen grandes cantidades de memoria y CPU cuando los descomprima Decrypt o DecryptMulti. Esas funciones ahora devuelven un error si los datos descomprimidos superan los 250 kB o 10 veces el tama\u00f1o comprimido (lo que sea mayor). 
Esta vulnerabilidad ha sido parcheada en las versiones 4.0.1, 3.0.3 y 2.6.3.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"go-jose\",\"product\":\"go-jose\",\"versions\":[{\"version\":\"\u003c 4.0.1\",\"status\":\"affected\"},{\"version\":\"\u003c 3.0.3\",\"status\":\"affected\"},{\"version\":\"\u003c 2.6.3\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"go-jose_project\",\"product\":\"go-jose\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"4.0.1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"3.0.3\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"2.6.3\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-03-11T15:08:38.886435Z\",\"id\":\"CVE-2024-28180\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA 
Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-409\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.6.3\",\"matchCriteriaId\":\"00EED169-7E10-4D6A-90BF-30DFB3A8D534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.3\",\"matchCriteriaId\":\"0ECBCDBF-2A60-4FE3-A399-0B39B1E2098B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.0.1\",\"matchCriteriaId\":\"CC4169EA-4867-4CB1-9B71-4D9C95E0E44F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"38\",\"versionEndIncluding\":\"40\",\"matchCriteriaId\":\"37BED070-B2FB-4728-82CD-71B5EB1F30D5\"}]}]}],\"references\":[{\"url\":\"https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g\", \"name\": \"https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298\", \"name\": \"https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a\", \"name\": \"https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502\", \"name\": \"https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/\", \"tags\": [\"x_transferred\"]}, {\"url\": 
\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:48:49.442Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-28180\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-11T15:08:38.886435Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*\"], \"vendor\": \"go-jose_project\", \"product\": \"go-jose\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.0.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.0.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.6.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-28T17:51:46.349Z\"}}], \"cna\": {\"title\": \"Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)\", \"source\": {\"advisory\": 
\"GHSA-c5q2-7r4c-mv6g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"go-jose\", \"product\": \"go-jose\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.0.1\"}, {\"status\": \"affected\", \"version\": \"\u003c 3.0.3\"}, {\"status\": \"affected\", \"version\": \"\u003c 2.6.3\"}]}], \"references\": [{\"url\": \"https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g\", \"name\": \"https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298\", \"name\": \"https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a\", \"name\": \"https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502\", \"name\": \"https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/\"}, {\"url\": 
\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-409\", \"description\": \"CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-06-12T02:06:02.656Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-28180\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:47:27.104Z\", \"dateReserved\": \"2024-03-06T17:35:00.857Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-03-09T00:54:46.382Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2024:3151-1
Vulnerability from csaf_suse - Published: 2024-09-06 08:23 - Updated: 2024-09-06 08:23

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64 | — | Vendor Fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nUpdate to version 1.35.4:\n\n* Bump to Buildah v1.35.4\n* CVE-2024-3727 updates (bsc#1224117)\n* integration test: handle new labels in \u0027bud and test --unsetlabel\u0027\n* Bump go-jose CVE-2024-28180\n* Bump ocicrypt and go-jose CVE-2024-28180\n\nUpdate to version 1.35.3:\n\n* correctly configure /etc/hosts and resolv.conf\n* buildah: refactor resolv/hosts setup.\n* CVE-2024-24786 protobuf to 1.33\n\n\nUpdate to version 1.35.1:\n\n* CVE-2024-1753 container escape fix (bsc#1221677)\n\n- Buildah dropped cni support, require netavark instead (bsc#1221243)\n\n- Remove obsolete requires libcontainers-image \u0026 libcontainers-storage\n\n- Require passt for rootless networking (poo#156955)\n Buildah moved to passt/pasta for rootless networking from slirp4netns\n (https://github.com/containers/common/pull/1846)\n\nUpdate to version 1.35.0:\n\n* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0\n* conformance tests: don\u0027t break on trailing zeroes in layer blobs\n* Add a conformance test for copying to a mounted prior stage\n* cgroups: reuse version check from c/common\n* Update vendor of containers/(common,image)\n* manifest add: complain if we get artifact flags without --artifact\n* Use retry logic from containers/common\n* Vendor in containers/(storage,image,common)\n* Update module golang.org/x/crypto to v0.20.0\n* Add comment re: Total Success task name\n* tests: skip_if_no_unshare(): check for --setuid\n* Properly handle build --pull=false\n* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1\n* Update module go.etcd.io/bbolt to v1.3.9\n* Revert \u0027Reduce official image size\u0027\n* Update module github.com/opencontainers/image-spec to v1.1.0\n* Reduce official image size\n* Build with CNI support on FreeBSD\n* build --all-platforms: skip some base \u0027image\u0027 platforms\n* Bump main to v1.35.0-dev\n* Vendor in latest containers/(storage,image,common)\n* Split up error messages for missing --sbom related flags\n* `buildah manifest`: add artifact-related options\n* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing\n* cmd/buildah/manifest.go: don\u0027t make struct declarations aliases\n* Use golang.org/x/exp/slices.Contains\n* Disable loong64 again\n* Fix a couple of typos in one-line comments\n* egrep is obsolescent; use grep -E\n* Try Cirrus with a newer VM version\n* Set CONTAINERS_CONF in the chroot-mount-flags integration test\n* Update to match dependency API update\n* Update github.com/openshift/imagebuilder and containers/common\n* docs: correct default authfile path\n* tests: retrofit test for heredoc summary\n* build, heredoc: show heredoc summary in build output\n* manifest, push: add support for --retry and --retry-delay\n* imagebuildah: fix crash with empty RUN\n* Make buildah match podman for handling of ulimits\n* docs: move footnotes to where they\u0027re applicable\n* Allow users to specify no-dereference\n* docs: use reversed logo for dark theme in README\n* build,commit: add --sbom to scan and produce SBOMs when committing\n* commit: force omitHistory if the parent has layers but no history\n* docs: fix a couple of typos\n* internal/mkcw.Archive(): handle extra image content\n* stage_executor,heredoc: honor interpreter in heredoc\n* stage_executor,layers: burst cache if heredoc content is changed\n* Replace map[K]bool with map[K]struct{} where it makes sense\n* Replace strings.SplitN with strings.Cut\n* Document use of containers-transports values in buildah\n* manifest: addCompression use default from containers.conf\n* commit: add a --add-file flag\n* mkcw: populate the rootfs using an overlay\n* Ignore errors if label.Relabel returns ENOSUP",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3151,SUSE-SLE-Module-Containers-15-SP5-2024-3151,SUSE-SLE-Module-Containers-15-SP6-2024-3151,openSUSE-SLE-15.5-2024-3151,openSUSE-SLE-15.6-2024-3151",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3151-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3151-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243151-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3151-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-September/036812.html"
},
{
"category": "self",
"summary": "SUSE Bug 1221243",
"url": "https://bugzilla.suse.com/1221243"
},
{
"category": "self",
"summary": "SUSE Bug 1221677",
"url": "https://bugzilla.suse.com/1221677"
},
{
"category": "self",
"summary": "SUSE Bug 1224117",
"url": "https://bugzilla.suse.com/1224117"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24786 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3727/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2024-09-06T08:23:40Z",
"generator": {
"date": "2024-09-06T08:23:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3151-1",
"initial_release_date": "2024-09-06T08:23:40Z",
"revision_history": [
{
"date": "2024-09-06T08:23:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150500.3.10.1.aarch64",
"product": {
"name": "buildah-1.35.4-150500.3.10.1.aarch64",
"product_id": "buildah-1.35.4-150500.3.10.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150500.3.10.1.i586",
"product": {
"name": "buildah-1.35.4-150500.3.10.1.i586",
"product_id": "buildah-1.35.4-150500.3.10.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150500.3.10.1.ppc64le",
"product": {
"name": "buildah-1.35.4-150500.3.10.1.ppc64le",
"product_id": "buildah-1.35.4-150500.3.10.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150500.3.10.1.s390x",
"product": {
"name": "buildah-1.35.4-150500.3.10.1.s390x",
"product_id": "buildah-1.35.4-150500.3.10.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150500.3.10.1.x86_64",
"product": {
"name": "buildah-1.35.4-150500.3.10.1.x86_64",
"product_id": "buildah-1.35.4-150500.3.10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150500.3.10.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
},
"product_reference": "buildah-1.35.4-150500.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1753"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1753",
"url": "https://www.suse.com/security/cve/CVE-2024-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1221677 for CVE-2024-1753",
"url": "https://bugzilla.suse.com/1221677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-06T08:23:40Z",
"details": "important"
}
],
"title": "CVE-2024-1753"
},
{
"cve": "CVE-2024-24786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24786"
}
],
"notes": [
{
"category": "general",
"text": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24786",
"url": "https://www.suse.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "SUSE Bug 1226136 for CVE-2024-24786",
"url": "https://bugzilla.suse.com/1226136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-06T08:23:40Z",
"details": "important"
}
],
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-06T08:23:40Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-3727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3727"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3727",
"url": "https://www.suse.com/security/cve/CVE-2024-3727"
},
{
"category": "external",
"summary": "SUSE Bug 1224112 for CVE-2024-3727",
"url": "https://bugzilla.suse.com/1224112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:buildah-1.35.4-150500.3.10.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.5:buildah-1.35.4-150500.3.10.1.x86_64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.aarch64",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.ppc64le",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.s390x",
"openSUSE Leap 15.6:buildah-1.35.4-150500.3.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-06T08:23:40Z",
"details": "important"
}
],
"title": "CVE-2024-3727"
}
]
}
SUSE-SU-2024:3186-1
Vulnerability from csaf_suse - Published: 2024-09-10 07:43 - Updated: 2024-09-10 07:43

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\nUpdate to version 1.35.4:\n\n* CVE-2024-3727 updates (bsc#1224117)\n* Bump go-jose CVE-2024-28180\n* Bump ocicrypt and go-jose CVE-2024-28180\n\nUpdate to version 1.35.3:\n\n* correctly configure /etc/hosts and resolv.conf\n* buildah: refactor resolv/hosts setup.\n* rename the hostFile var to reflect\n* CVE-2024-24786 protobuf to 1.33\n\n\nUpdate to version 1.35.1:\n\n* CVE-2024-1753 container escape fix (bsc#1221677)\n\n- Buildah dropped cni support, require netavark instead (bsc#1221243)\n\n- Remove obsolete requires libcontainers-image \u0026 libcontainers-storage\n\n- Require passt for rootless networking (poo#156955)\n Buildah moved to passt/pasta for rootless networking from slirp4netns\n (https://github.com/containers/common/pull/1846)\n\nUpdate to version 1.35.0:\n\n* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0\n* conformance tests: don\u0027t break on trailing zeroes in layer blobs\n* Add a conformance test for copying to a mounted prior stage\n* cgroups: reuse version check from c/common\n* Update vendor of containers/(common,image)\n* manifest add: complain if we get artifact flags without --artifact\n* Use retry logic from containers/common\n* Vendor in containers/(storage,image,common)\n* Update module golang.org/x/crypto to v0.20.0\n* Add comment re: Total Success task name\n* tests: skip_if_no_unshare(): check for --setuid\n* Properly handle build --pull=false\n* Update module go.etcd.io/bbolt to v1.3.9\n* Update module github.com/opencontainers/image-spec to v1.1.0\n* build --all-platforms: skip some base \u0027image\u0027 platforms\n* Bump main to v1.35.0-dev\n* Vendor in latest containers/(storage,image,common)\n* Split up error messages for missing --sbom related flags\n* `buildah manifest`: add artifact-related options\n* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing\n* cmd/buildah/manifest.go: don\u0027t make struct declarations aliases\n* Use golang.org/x/exp/slices.Contains\n* Try Cirrus with a newer VM version\n* Set CONTAINERS_CONF in the chroot-mount-flags integration test\n* Update to match dependency API update\n* Update github.com/openshift/imagebuilder and containers/common\n* docs: correct default authfile path\n* tests: retrofit test for heredoc summary\n* build, heredoc: show heredoc summary in build output\n* manifest, push: add support for --retry and --retry-delay\n* imagebuildah: fix crash with empty RUN\n* Make buildah match podman for handling of ulimits\n* docs: move footnotes to where they\u0027re applicable\n* Allow users to specify no-dereference\n* docs: use reversed logo for dark theme in README\n* build,commit: add --sbom to scan and produce SBOMs when committing\n* commit: force omitHistory if the parent has layers but no history\n* docs: fix a couple of typos\n* internal/mkcw.Archive(): handle extra image content\n* stage_executor,heredoc: honor interpreter in heredoc\n* stage_executor,layers: burst cache if heredoc content is changed\n* Replace map[K]bool with map[K]struct{} where it makes sense\n* Bump CI VMs\n* Replace strings.SplitN with strings.Cut\n* Document use of containers-transports values in buildah\n* manifest: addCompression use default from containers.conf\n* commit: add a --add-file flag\n* mkcw: populate the rootfs using an overlay\n* [skip-ci] Update actions/stale action to v9\n* Ignore errors if label.Relabel returns ENOSUP",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3186,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3186,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3186,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3186,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3186",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3186-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3186-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243186-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3186-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019398.html"
},
{
"category": "self",
"summary": "SUSE Bug 1221243",
"url": "https://bugzilla.suse.com/1221243"
},
{
"category": "self",
"summary": "SUSE Bug 1221677",
"url": "https://bugzilla.suse.com/1221677"
},
{
"category": "self",
"summary": "SUSE Bug 1224117",
"url": "https://bugzilla.suse.com/1224117"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24786 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3727/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2024-09-10T07:43:19Z",
"generator": {
"date": "2024-09-10T07:43:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3186-1",
"initial_release_date": "2024-09-10T07:43:19Z",
"revision_history": [
{
"date": "2024-09-10T07:43:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150400.3.30.1.aarch64",
"product": {
"name": "buildah-1.35.4-150400.3.30.1.aarch64",
"product_id": "buildah-1.35.4-150400.3.30.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150400.3.30.1.i586",
"product": {
"name": "buildah-1.35.4-150400.3.30.1.i586",
"product_id": "buildah-1.35.4-150400.3.30.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150400.3.30.1.ppc64le",
"product": {
"name": "buildah-1.35.4-150400.3.30.1.ppc64le",
"product_id": "buildah-1.35.4-150400.3.30.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150400.3.30.1.s390x",
"product": {
"name": "buildah-1.35.4-150400.3.30.1.s390x",
"product_id": "buildah-1.35.4-150400.3.30.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150400.3.30.1.x86_64",
"product": {
"name": "buildah-1.35.4-150400.3.30.1.x86_64",
"product_id": "buildah-1.35.4-150400.3.30.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150400.3.30.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
},
"product_reference": "buildah-1.35.4-150400.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1753"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1753",
"url": "https://www.suse.com/security/cve/CVE-2024-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1221677 for CVE-2024-1753",
"url": "https://bugzilla.suse.com/1221677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T07:43:19Z",
"details": "important"
}
],
"title": "CVE-2024-1753"
},
{
"cve": "CVE-2024-24786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24786"
}
],
"notes": [
{
"category": "general",
"text": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24786",
"url": "https://www.suse.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "SUSE Bug 1226136 for CVE-2024-24786",
"url": "https://bugzilla.suse.com/1226136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T07:43:19Z",
"details": "important"
}
],
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T07:43:19Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-3727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3727"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3727",
"url": "https://www.suse.com/security/cve/CVE-2024-3727"
},
{
"category": "external",
"summary": "SUSE Bug 1224112 for CVE-2024-3727",
"url": "https://bugzilla.suse.com/1224112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.4-150400.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.4-150400.3.30.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T07:43:19Z",
"details": "important"
}
],
"title": "CVE-2024-3727"
}
]
}
SUSE-SU-2025:0066-1
Vulnerability from csaf_suse - Published: 2025-01-10 14:49 - Updated: 2025-01-10 14:49

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.3.6-150600.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_5-1.3.6-150600.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apptainer",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apptainer fixes the following issues:\n\n- Update to version 1.3.6\n- CVE-2024-28180: Fixed an improper handling of highly compressed data in go-jose. (bsc#1235211)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-66,SUSE-SLE-Module-HPC-15-SP6-2025-66,openSUSE-SLE-15.6-2025-66",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0066-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0066-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250066-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0066-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020088.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235211",
"url": "https://bugzilla.suse.com/1235211"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
}
],
"title": "Security update for apptainer",
"tracking": {
"current_release_date": "2025-01-10T14:49:12Z",
"generator": {
"date": "2025-01-10T14:49:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0066-1",
"initial_release_date": "2025-01-10T14:49:12Z",
"revision_history": [
{
"date": "2025-01-10T14:49:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.3.6-150600.4.3.1.aarch64",
"product": {
"name": "apptainer-1.3.6-150600.4.3.1.aarch64",
"product_id": "apptainer-1.3.6-150600.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-leap-1.3.6-150600.4.3.1.noarch",
"product": {
"name": "apptainer-leap-1.3.6-150600.4.3.1.noarch",
"product_id": "apptainer-leap-1.3.6-150600.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_5-1.3.6-150600.4.3.1.noarch",
"product": {
"name": "apptainer-sle15_5-1.3.6-150600.4.3.1.noarch",
"product_id": "apptainer-sle15_5-1.3.6-150600.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_6-1.3.6-150600.4.3.1.noarch",
"product": {
"name": "apptainer-sle15_6-1.3.6-150600.4.3.1.noarch",
"product_id": "apptainer-sle15_6-1.3.6-150600.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_7-1.3.6-150600.4.3.1.noarch",
"product": {
"name": "apptainer-sle15_7-1.3.6-150600.4.3.1.noarch",
"product_id": "apptainer-sle15_7-1.3.6-150600.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.3.6-150600.4.3.1.x86_64",
"product": {
"name": "apptainer-1.3.6-150600.4.3.1.x86_64",
"product_id": "apptainer-1.3.6-150600.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for HPC 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for HPC 15 SP6",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-hpc:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.3.6-150600.4.3.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP6",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.aarch64"
},
"product_reference": "apptainer-1.3.6-150600.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.3.6-150600.4.3.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP6",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.x86_64"
},
"product_reference": "apptainer-1.3.6-150600.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.3.6-150600.4.3.1.noarch as component of SUSE Linux Enterprise Module for HPC 15 SP6",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch"
},
"product_reference": "apptainer-sle15_6-1.3.6-150600.4.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.3.6-150600.4.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.aarch64"
},
"product_reference": "apptainer-1.3.6-150600.4.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.3.6-150600.4.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.x86_64"
},
"product_reference": "apptainer-1.3.6-150600.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-leap-1.3.6-150600.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-leap-1.3.6-150600.4.3.1.noarch"
},
"product_reference": "apptainer-leap-1.3.6-150600.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_5-1.3.6-150600.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-sle15_5-1.3.6-150600.4.3.1.noarch"
},
"product_reference": "apptainer-sle15_5-1.3.6-150600.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.3.6-150600.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch"
},
"product_reference": "apptainer-sle15_6-1.3.6-150600.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_5-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_5-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-1.3.6-150600.4.3.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.3.6-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_5-1.3.6-150600.4.3.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.3.6-150600.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-10T14:49:12Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
}
]
}
SUSE-SU-2025:0622-1
Vulnerability from csaf_suse - Published: 2025-02-21 10:59 - Updated: 2025-02-21 10:59

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grafana",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grafana fixes the following issues:\n\ngrafana was updated from version 10.4.13 to 10.4.15:\n\n- Security issues fixed:\n * CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559)\n * CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734)\n * CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574)\n * CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206)\n- Other bugs fixed and changes:\n * Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key\n * Added provisioning directories\n * Use /bin/bash in wrapper scripts\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-622,SUSE-SLE-Manager-Tools-12-2025-622",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0622-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0622-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250622-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0622-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020389.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235206",
"url": "https://bugzilla.suse.com/1235206"
},
{
"category": "self",
"summary": "SUSE Bug 1235574",
"url": "https://bugzilla.suse.com/1235574"
},
{
"category": "self",
"summary": "SUSE Bug 1236559",
"url": "https://bugzilla.suse.com/1236559"
},
{
"category": "self",
"summary": "SUSE Bug 1236734",
"url": "https://bugzilla.suse.com/1236734"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21613 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21613/"
}
],
"title": "Security update for grafana",
"tracking": {
"current_release_date": "2025-02-21T10:59:56Z",
"generator": {
"date": "2025-02-21T10:59:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0622-1",
"initial_release_date": "2025-02-21T10:59:56Z",
"revision_history": [
{
"date": "2025-02-21T10:59:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-1.71.1.aarch64",
"product": {
"name": "grafana-10.4.15-1.71.1.aarch64",
"product_id": "grafana-10.4.15-1.71.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-1.71.1.i586",
"product": {
"name": "grafana-10.4.15-1.71.1.i586",
"product_id": "grafana-10.4.15-1.71.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-1.71.1.ppc64le",
"product": {
"name": "grafana-10.4.15-1.71.1.ppc64le",
"product_id": "grafana-10.4.15-1.71.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-1.71.1.s390x",
"product": {
"name": "grafana-10.4.15-1.71.1.s390x",
"product_id": "grafana-10.4.15-1.71.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-1.71.1.x86_64",
"product": {
"name": "grafana-10.4.15-1.71.1.x86_64",
"product_id": "grafana-10.4.15-1.71.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 12",
"product": {
"name": "SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-1.71.1.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64"
},
"product_reference": "grafana-10.4.15-1.71.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-1.71.1.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le"
},
"product_reference": "grafana-10.4.15-1.71.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-1.71.1.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x"
},
"product_reference": "grafana-10.4.15-1.71.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-1.71.1.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
},
"product_reference": "grafana-10.4.15-1.71.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11741"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. \nThe Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11741",
"url": "https://www.suse.com/security/cve/CVE-2024-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1236734 for CVE-2024-11741",
"url": "https://bugzilla.suse.com/1236734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T10:59:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-11741"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T10:59:56Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T10:59:56Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-21613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21613"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21613",
"url": "https://www.suse.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "SUSE Bug 1235572 for CVE-2025-21613",
"url": "https://bugzilla.suse.com/1235572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.aarch64",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.ppc64le",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.s390x",
"SUSE Manager Client Tools 12:grafana-10.4.15-1.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T10:59:56Z",
"details": "important"
}
],
"title": "CVE-2025-21613"
}
]
}
SUSE-SU-2025:0623-1
Vulnerability from csaf_suse - Published: 2025-02-21 11:00 - Updated: 2025-02-21 11:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grafana",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grafana fixes the following issues:\n\ngrafana was updated from version 10.4.13 to 10.4.15:\n\n- Security issues fixed:\n * CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559)\n * CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734)\n * CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574)\n * CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206)\n- Other bugs fixed and changes:\n * Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key\n * Added provisioning directories\n * Use /bin/bash in wrapper scripts\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-623,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-623,openSUSE-SLE-15.6-2025-623",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0623-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0623-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250623-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0623-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020388.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235206",
"url": "https://bugzilla.suse.com/1235206"
},
{
"category": "self",
"summary": "SUSE Bug 1235574",
"url": "https://bugzilla.suse.com/1235574"
},
{
"category": "self",
"summary": "SUSE Bug 1236559",
"url": "https://bugzilla.suse.com/1236559"
},
{
"category": "self",
"summary": "SUSE Bug 1236734",
"url": "https://bugzilla.suse.com/1236734"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21613 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21613/"
}
],
"title": "Security update for grafana",
"tracking": {
"current_release_date": "2025-02-21T11:00:07Z",
"generator": {
"date": "2025-02-21T11:00:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0623-1",
"initial_release_date": "2025-02-21T11:00:07Z",
"revision_history": [
{
"date": "2025-02-21T11:00:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150200.3.64.1.aarch64",
"product": {
"name": "grafana-10.4.15-150200.3.64.1.aarch64",
"product_id": "grafana-10.4.15-150200.3.64.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150200.3.64.1.i586",
"product": {
"name": "grafana-10.4.15-150200.3.64.1.i586",
"product_id": "grafana-10.4.15-150200.3.64.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150200.3.64.1.ppc64le",
"product": {
"name": "grafana-10.4.15-150200.3.64.1.ppc64le",
"product_id": "grafana-10.4.15-150200.3.64.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150200.3.64.1.s390x",
"product": {
"name": "grafana-10.4.15-150200.3.64.1.s390x",
"product_id": "grafana-10.4.15-150200.3.64.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150200.3.64.1.x86_64",
"product": {
"name": "grafana-10.4.15-150200.3.64.1.x86_64",
"product_id": "grafana-10.4.15-150200.3.64.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150200.3.64.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64"
},
"product_reference": "grafana-10.4.15-150200.3.64.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150200.3.64.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le"
},
"product_reference": "grafana-10.4.15-150200.3.64.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150200.3.64.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x"
},
"product_reference": "grafana-10.4.15-150200.3.64.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150200.3.64.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64"
},
"product_reference": "grafana-10.4.15-150200.3.64.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150200.3.64.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64"
},
"product_reference": "grafana-10.4.15-150200.3.64.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150200.3.64.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le"
},
"product_reference": "grafana-10.4.15-150200.3.64.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150200.3.64.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x"
},
"product_reference": "grafana-10.4.15-150200.3.64.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150200.3.64.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
},
"product_reference": "grafana-10.4.15-150200.3.64.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11741"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. \nThe Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11741",
"url": "https://www.suse.com/security/cve/CVE-2024-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1236734 for CVE-2024-11741",
"url": "https://bugzilla.suse.com/1236734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T11:00:07Z",
"details": "moderate"
}
],
"title": "CVE-2024-11741"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T11:00:07Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T11:00:07Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-21613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21613"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21613",
"url": "https://www.suse.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "SUSE Bug 1235572 for CVE-2025-21613",
"url": "https://bugzilla.suse.com/1235572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-10.4.15-150200.3.64.1.x86_64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.aarch64",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.ppc64le",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.s390x",
"openSUSE Leap 15.6:grafana-10.4.15-150200.3.64.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T11:00:07Z",
"details": "important"
}
],
"title": "CVE-2025-21613"
}
]
}
SUSE-SU-2025:0624-1
Vulnerability from csaf_suse - Published: 2025-02-21 11:00 - Updated: 2025-02-21 11:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for grafana",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for grafana fixes the following issues:\n\ngrafana was updated from version 10.4.13 to 10.4.15:\n\n- Security issues fixed:\n * CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559)\n * CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734)\n * CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574)\n * CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206)\n- Other bugs fixed and changes:\n * Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key\n * Added provisioning directories\n * Use /bin/bash in wrapper scripts\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-624,SUSE-SLE-Manager-Tools-15-2025-624",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0624-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0624-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250624-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0624-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020387.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235206",
"url": "https://bugzilla.suse.com/1235206"
},
{
"category": "self",
"summary": "SUSE Bug 1235574",
"url": "https://bugzilla.suse.com/1235574"
},
{
"category": "self",
"summary": "SUSE Bug 1236559",
"url": "https://bugzilla.suse.com/1236559"
},
{
"category": "self",
"summary": "SUSE Bug 1236734",
"url": "https://bugzilla.suse.com/1236734"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21613 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21613/"
}
],
"title": "Security update for grafana",
"tracking": {
"current_release_date": "2025-02-21T11:00:27Z",
"generator": {
"date": "2025-02-21T11:00:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0624-1",
"initial_release_date": "2025-02-21T11:00:27Z",
"revision_history": [
{
"date": "2025-02-21T11:00:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150000.1.71.1.aarch64",
"product": {
"name": "grafana-10.4.15-150000.1.71.1.aarch64",
"product_id": "grafana-10.4.15-150000.1.71.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150000.1.71.1.i586",
"product": {
"name": "grafana-10.4.15-150000.1.71.1.i586",
"product_id": "grafana-10.4.15-150000.1.71.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150000.1.71.1.ppc64le",
"product": {
"name": "grafana-10.4.15-150000.1.71.1.ppc64le",
"product_id": "grafana-10.4.15-150000.1.71.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150000.1.71.1.s390x",
"product": {
"name": "grafana-10.4.15-150000.1.71.1.s390x",
"product_id": "grafana-10.4.15-150000.1.71.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-10.4.15-150000.1.71.1.x86_64",
"product": {
"name": "grafana-10.4.15-150000.1.71.1.x86_64",
"product_id": "grafana-10.4.15-150000.1.71.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150000.1.71.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64"
},
"product_reference": "grafana-10.4.15-150000.1.71.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150000.1.71.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le"
},
"product_reference": "grafana-10.4.15-150000.1.71.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150000.1.71.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x"
},
"product_reference": "grafana-10.4.15-150000.1.71.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-10.4.15-150000.1.71.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
},
"product_reference": "grafana-10.4.15-150000.1.71.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11741"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. \nThe Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11741",
"url": "https://www.suse.com/security/cve/CVE-2024-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1236734 for CVE-2024-11741",
"url": "https://bugzilla.suse.com/1236734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T11:00:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-11741"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T11:00:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T11:00:27Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-21613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21613"
}
],
"notes": [
{
"category": "general",
"text": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21613",
"url": "https://www.suse.com/security/cve/CVE-2025-21613"
},
{
"category": "external",
"summary": "SUSE Bug 1235572 for CVE-2025-21613",
"url": "https://bugzilla.suse.com/1235572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.aarch64",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.s390x",
"SUSE Manager Client Tools 15:grafana-10.4.15-150000.1.71.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-21T11:00:27Z",
"details": "important"
}
],
"title": "CVE-2025-21613"
}
]
}
SUSE-SU-2025:20019-1
Vulnerability from csaf_suse - Published: 2025-02-03 08:48 - Updated: 2025-02-03 08:48

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for skopeo",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for skopeo fixes the following issues:\n\n- Update to version 1.14.4:\n * CVE-2024-3727: digest type does not guarantee valid type (bsc#1224123)\n * Packit: update packit targets\n * Bump gopkg.in/go-jose to v2.6.3\n * Bump ocicrypt and go-jose CVE-2024-28180\n * Freeze the fedora-minimal image reference at Fedora 38\n * Bump c/common to v0.57.4\n * Bump google.golang.org/protobuf to v1.33.0\n * Bump Skopeo to v1.14.3-dev\n\n- Update to version 1.14.2:\n * Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563)\n\n- Update to version 1.14.1:\n * fix(deps): update module github.com/containers/common to v0.57.2\n * fix(deps): update module github.com/containers/image/v5 to v5.29.1\n * chore(deps): update dependency containers/automation_images to v20240102\n * Fix libsubid detection\n * fix(deps): update module golang.org/x/term to v0.16.0\n * fix(deps): update golang.org/x/exp digest to 02704c9\n * chore(deps): update dependency containers/automation_images to v20231208\n * [skip-ci] Update actions/stale action to v9\n * fix(deps): update module github.com/containers/common to v0.57.1\n * fix(deps): update golang.org/x/exp digest to 6522937\n * fix(deps): update module golang.org/x/term to v0.15.0\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-21",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20019-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20019-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520019-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20019-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021351.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219563",
"url": "https://bugzilla.suse.com/1219563"
},
{
"category": "self",
"summary": "SUSE Bug 1224123",
"url": "https://bugzilla.suse.com/1224123"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3727/"
}
],
"title": "Security update for skopeo",
"tracking": {
"current_release_date": "2025-02-03T08:48:38Z",
"generator": {
"date": "2025-02-03T08:48:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20019-1",
"initial_release_date": "2025-02-03T08:48:38Z",
"revision_history": [
{
"date": "2025-02-03T08:48:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.14.4-1.1.aarch64",
"product": {
"name": "skopeo-1.14.4-1.1.aarch64",
"product_id": "skopeo-1.14.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.14.4-1.1.s390x",
"product": {
"name": "skopeo-1.14.4-1.1.s390x",
"product_id": "skopeo-1.14.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.14.4-1.1.x86_64",
"product": {
"name": "skopeo-1.14.4-1.1.x86_64",
"product_id": "skopeo-1.14.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.14.4-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64"
},
"product_reference": "skopeo-1.14.4-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.14.4-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x"
},
"product_reference": "skopeo-1.14.4-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.14.4-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64"
},
"product_reference": "skopeo-1.14.4-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:48:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-3727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3727"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3727",
"url": "https://www.suse.com/security/cve/CVE-2024-3727"
},
{
"category": "external",
"summary": "SUSE Bug 1224112 for CVE-2024-3727",
"url": "https://bugzilla.suse.com/1224112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:48:38Z",
"details": "important"
}
],
"title": "CVE-2024-3727"
}
]
}
SUSE-SU-2026:20550-1
Vulnerability from csaf_suse - Published: 2026-02-26 16:03 - Updated: 2026-02-26 16:03

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerized-data-importer",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerized-data-importer fixes the following issues:\n\nUpdate to version 1.64.0.\n\nSecurity issues fixed:\n\n- CVE-2024-28180: improper handling of highly compressed data (bsc#1235204).\n- CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content (bsc#1235365).\n- CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239205).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-317",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20550-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20550-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620550-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20550-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044567.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235204",
"url": "https://bugzilla.suse.com/1235204"
},
{
"category": "self",
"summary": "SUSE Bug 1235365",
"url": "https://bugzilla.suse.com/1235365"
},
{
"category": "self",
"summary": "SUSE Bug 1239205",
"url": "https://bugzilla.suse.com/1239205"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
}
],
"title": "Security update for containerized-data-importer",
"tracking": {
"current_release_date": "2026-02-26T16:03:48Z",
"generator": {
"date": "2026-02-26T16:03:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20550-1",
"initial_release_date": "2026-02-26T16:03:48Z",
"revision_history": [
{
"date": "2026-02-26T16:03:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64",
"product": {
"name": "containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64",
"product_id": "containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
},
"product_reference": "containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T16:03:48Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T16:03:48Z",
"details": "moderate"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T16:03:48Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
}
]
}
WID-SEC-W-2024-0947
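Vulnerability from csaf_certbund - Published: 2024-04-22 22:00 - Updated: 2024-12-17 23:00
Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht in der Jose-Komponente des Service Mesh Containers aufgrund eines unsachgemäßen Umgangs mit stark komprimierten Daten, die es ermöglichen, Anmeldedaten einzusehen. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.
Hinweis: Diese Beschreibung ist im CSAF-Dokument weiter unten CVE-2024-28180 zugeordnet. Die CVE-Beschreibung zu go-jose auf dieser Seite nennt als Auswirkung dagegen hohen Speicher- und CPU-Verbrauch beim Dekomprimieren einer JWE (CWE-409), nicht die Einsicht in Anmeldedaten; die Auswirkungsangaben dieser und der folgenden Beschreibung (CVE-2024-28849) sind offenbar vertauscht.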
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Service Mesh Containers <2.5.1
Red Hat / OpenShift
|
Service Mesh Containers <2.5.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.26
Red Hat / OpenShift
|
Container Platform <4.14.26 | ||
|
Red Hat OpenShift Container Platform <4.13.42
Red Hat / OpenShift
|
Container Platform <4.13.42 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.24
Red Hat / OpenShift
|
Container Platform <4.14.24 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.12
Red Hat / OpenShift
|
Container Platform <4.15.12 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
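Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht im follow-redirects-Paket des Service Mesh Containers aufgrund eines fehlenden Clearing-Prozesses, der es ermöglicht, eine JWE mit komprimierten Daten zu senden, die große Mengen an Speicher und CPU verbraucht. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
Hinweis: Diese Beschreibung ist im CSAF-Dokument weiter unten CVE-2024-28849 (follow-redirects) zugeordnet. Das Senden einer JWE mit komprimierten Daten, die viel Speicher und CPU verbraucht, entspricht jedoch der Beschreibung von CVE-2024-28180 (go-jose) auf dieser Seite; die Auswirkungsangaben dieser und der vorhergehenden Beschreibung sind offenbar vertauscht.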
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift Container Platform <4.15.14
Red Hat / OpenShift
|
Container Platform <4.15.14 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.17.2
Red Hat / OpenShift
|
Container Platform <4.17.2 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Service Mesh Containers <2.5.1
Red Hat / OpenShift
|
Service Mesh Containers <2.5.1 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.26
Red Hat / OpenShift
|
Container Platform <4.14.26 | ||
|
Red Hat OpenShift Container Platform <4.13.42
Red Hat / OpenShift
|
Container Platform <4.13.42 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift Container Platform <4.14.24
Red Hat / OpenShift
|
Container Platform <4.14.24 | ||
|
Hitachi Ops Center
Hitachi
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.12
Red Hat / OpenShift
|
Container Platform <4.15.12 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0947 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0947.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0947 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0947"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-04-22",
"url": "https://access.redhat.com/errata/RHSA-2024:1946"
},
{
"category": "external",
"summary": "Red Hat Bugzilla \u2013 Bug 2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "Red Hat Bugzilla \u2013 Bug 2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2639 vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2639"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2549 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2549"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2047 vom 2024-05-02",
"url": "https://access.redhat.com/errata/RHSA-2024:2049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2054 vom 2024-05-02",
"url": "https://access.redhat.com/errata/RHSA-2024:2054"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2071 vom 2024-05-02",
"url": "https://access.redhat.com/errata/RHSA-2024:2071"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2549 vom 2024-05-07",
"url": "https://linux.oracle.com/errata/ELSA-2024-2549.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2669 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2669"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2672 vom 2024-05-09",
"url": "https://access.redhat.com/errata/RHSA-2024:2672"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2776 vom 2024-05-15",
"url": "https://access.redhat.com/errata/RHSA-2024:2776"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15",
"url": "https://access.redhat.com/errata/RHSA-2024:2773"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2784 vom 2024-05-16",
"url": "https://access.redhat.com/errata/RHSA-2024:2784"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2865 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3254 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3254"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2869 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2869"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2877 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2877"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3349 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3351"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3349 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3349"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3327"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3254 vom 2024-06-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-3254.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-C95D3199C5 vom 2024-06-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-c95d3199c5"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-1BEAA94D86 vom 2024-06-03",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1beaa94d86"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3550 vom 2024-06-03",
"url": "https://access.redhat.com/errata/RHSA-2024:3550"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3523 vom 2024-06-10",
"url": "https://access.redhat.com/errata/RHSA-2024:3523"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3827 vom 2024-06-11",
"url": "https://access.redhat.com/errata/RHSA-2024:3827"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3826 vom 2024-06-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-3826.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3827 vom 2024-06-12",
"url": "https://linux.oracle.com/errata/ELSA-2024-3827.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3827 vom 2024-06-14",
"url": "https://errata.build.resf.org/RLSA-2024:3827"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3826 vom 2024-06-14",
"url": "https://errata.build.resf.org/RLSA-2024:3826"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3968 vom 2024-06-18",
"url": "https://access.redhat.com/errata/RHSA-2024:3968"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3968 vom 2024-06-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-3968.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3989 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:3989"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4028 vom 2024-06-20",
"url": "https://access.redhat.com/errata/RHSA-2024:4028"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4041 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4006 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:4006"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3968 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:3968"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-BD8FE42929 vom 2024-07-06",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd8fe42929"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4484 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4484"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4455 vom 2024-07-29",
"url": "https://access.redhat.com/errata/RHSA-2024:4455"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDOCKER-2024-041 vom 2024-08-13",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-041.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6209 vom 2024-09-03",
"url": "https://access.redhat.com/errata/RHSA-2024:6209"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8229 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8229"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8235 vom 2024-10-23",
"url": "https://access.redhat.com/errata/RHSA-2024:8235"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8677 vom 2024-10-30",
"url": "https://access.redhat.com/errata/RHSA-2024:8677"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-150 vom 2024-12-17",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-150/index.html"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-17T23:00:00.000+00:00",
"generator": {
"date": "2024-12-18T10:28:08.344+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-0947",
"initial_release_date": "2024-04-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-02T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-22T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Fedora und Red Hat aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-06-16T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-06-17T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-19T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-20T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-07-07T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-29T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von HITACHI aufgenommen"
}
],
"status": "final",
"version": "33"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Service Mesh Containers \u003c2.5.1",
"product": {
"name": "Red Hat OpenShift Service Mesh Containers \u003c2.5.1",
"product_id": "T034345"
}
},
{
"category": "product_version",
"name": "Service Mesh Containers 2.5.1",
"product": {
"name": "Red Hat OpenShift Service Mesh Containers 2.5.1",
"product_id": "T034345-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh_containers__2.5.1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.12",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.12",
"product_id": "T034661"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.12",
"product_id": "T034661-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.12"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.24",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.24",
"product_id": "T034662"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.24",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.24",
"product_id": "T034662-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.24"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.14",
"product_id": "T034932"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.14",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.14",
"product_id": "T034932-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.14"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.26",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.26",
"product_id": "T035037"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.26",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.26",
"product_id": "T035037-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.26"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.13.42",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.13.42",
"product_id": "T035048"
}
},
{
"category": "product_version",
"name": "Container Platform 4.13.42",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13.42",
"product_id": "T035048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.13.42"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.17.2",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.17.2",
"product_id": "T038527"
}
},
{
"category": "product_version",
"name": "Container Platform 4.17.2",
"product": {
"name": "Red Hat OpenShift Container Platform 4.17.2",
"product_id": "T038527-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.17.2"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28180",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht in der Jose-Komponente des Service Mesh Containers aufgrund eines unsachgem\u00e4\u00dfen Umgangs mit stark komprimierten Daten, die es erm\u00f6glichen, Anmeldedaten einzusehen. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T034932",
"67646",
"T038527",
"T004914",
"T034345",
"T032255",
"T035037",
"T035048",
"74185",
"T034662",
"T038840",
"T034661",
"398363"
]
},
"release_date": "2024-04-22T22:00:00.000+00:00",
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-28849",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in Red Hat OpenShift. Dieser Fehler besteht im follow-redirects-Paket des Service Mesh Containers aufgrund eines fehlenden Clearing-Prozesses, der es erm\u00f6glicht, eine JWE mit komprimierten Daten zu senden, die gro\u00dfe Mengen an Speicher und CPU verbraucht. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T034932",
"67646",
"T038527",
"T004914",
"T034345",
"T032255",
"T035037",
"T035048",
"74185",
"T034662",
"T038840",
"T034661",
"398363"
]
},
"release_date": "2024-04-22T22:00:00.000+00:00",
"title": "CVE-2024-28849"
}
]
}
WID-SEC-W-2024-1474
Vulnerability from csaf_certbund - Published: 2024-06-27 22:00 - Updated: 2025-08-26 22:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1474 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1474.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1474 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1474"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0040 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0040"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0041 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0043 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0045 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3637 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:3637"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3617 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1616 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3968 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:3968"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4150 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4150"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4159 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4159"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-BD8FE42929 vom 2024-07-06",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd8fe42929"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4591 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4591"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4613 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4613"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4699 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4699"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4850 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4850"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4846 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4846"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5094 vom 2024-08-08",
"url": "https://access.redhat.com/errata/RHSA-2024:5094"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5258 vom 2024-08-13",
"url": "https://access.redhat.com/errata/RHSA-2024:5258"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-042 vom 2024-08-13",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-042.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5294 vom 2024-08-14",
"url": "https://access.redhat.com/errata/RHSA-2024:5294"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5294 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5294.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5258 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5258.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5200 vom 2024-08-19",
"url": "https://access.redhat.com/errata/RHSA-2024:5200"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5202 vom 2024-08-19",
"url": "https://access.redhat.com/errata/RHSA-2024:5202"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5438 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5438"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5951 vom 2024-08-28",
"url": "https://access.redhat.com/errata/RHSA-2024:5951"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6054 vom 2024-08-30",
"url": "https://access.redhat.com/errata/RHSA-2024:6054"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6708 vom 2024-09-16",
"url": "https://access.redhat.com/errata/RHSA-2024:6708"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6755 vom 2024-09-18",
"url": "https://access.redhat.com/errata/RHSA-2024:6755"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6687 vom 2024-09-19",
"url": "https://access.redhat.com/errata/RHSA-2024:6687"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6824 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:6824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7179 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7174 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7174"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7179 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7182"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3718 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3718"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7436 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7436"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3717 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3717"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7187 vom 2024-10-03",
"url": "https://access.redhat.com/errata/RHSA-2024:7187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7184 vom 2024-10-03",
"url": "https://access.redhat.com/errata/RHSA-2024:7184"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7323 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8040 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8040"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7922 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:7922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7939 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:7941"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8260 vom 2024-10-24",
"url": "https://access.redhat.com/errata/RHSA-2024:8260"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8534 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8534"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8434 vom 2024-10-29",
"url": "https://access.redhat.com/errata/RHSA-2024:8434"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8425 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8425"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8676 vom 2024-10-30",
"url": "https://access.redhat.com/errata/RHSA-2024:8676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9181 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9181"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9098 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9097 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9097"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9102 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9960 vom 2024-11-19",
"url": "https://access.redhat.com/errata/RHSA-2024:9960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9615 vom 2024-11-20",
"url": "https://access.redhat.com/errata/RHSA-2024:9615"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10147 vom 2024-11-26",
"url": "https://access.redhat.com/errata/RHSA-2024:10147"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8704 vom 2024-12-02",
"url": "https://access.redhat.com/errata/RHSA-2024:8704"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6122 vom 2025-02-25",
"url": "https://access.redhat.com/errata/RHSA-2024:6122"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4019 vom 2025-04-23",
"url": "https://access.redhat.com/errata/RHSA-2025:4019"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20013-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021364.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20055-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021310.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0323-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TAOZOXVVSHLUMSNGQ4WCSWQAB5DM7EZH/"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Container Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-26T22:00:00.000+00:00",
"generator": {
"date": "2025-08-27T11:46:37.250+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-1474",
"initial_release_date": "2024-06-27T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-27T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-07-17T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-12T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-08-18T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-20T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-28T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-18T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-07T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-26T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-02T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-24T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-22T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-26T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "42"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform",
"product": {
"name": "Red Hat Ansible Automation Platform",
"product_id": "T031834",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T027916",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T033787",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Secondary Scheduler Operator",
"product": {
"name": "Red Hat OpenShift Secondary Scheduler Operator",
"product_id": "T027759",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:::secondary_scheduler_operator"
}
}
},
{
"category": "product_version",
"name": "Kube Descheduler Operator 5",
"product": {
"name": "Red Hat OpenShift Kube Descheduler Operator 5",
"product_id": "T033270",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:kube_descheduler_operator_5"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.0",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.0",
"product_id": "T035697"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.0",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.0",
"product_id": "T035697-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.0"
}
}
},
{
"category": "product_version",
"name": "Run Once Duration Override Operator 1",
"product": {
"name": "Red Hat OpenShift Run Once Duration Override Operator 1",
"product_id": "T035698",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:run_once_duration_override_operator_1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.1",
"product_id": "T035804"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.1",
"product_id": "T035804-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.63",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.63",
"product_id": "T036942"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.63",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.63",
"product_id": "T036942-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.63"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.28",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.28",
"product_id": "T036960"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.28",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.28",
"product_id": "T036960-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.28"
}
}
},
{
"category": "product_version_range",
"name": "Virtualization \u003c4.15.5",
"product": {
"name": "Red Hat OpenShift Virtualization \u003c4.15.5",
"product_id": "T037141"
}
},
{
"category": "product_version",
"name": "Virtualization 4.15.5",
"product": {
"name": "Red Hat OpenShift Virtualization 4.15.5",
"product_id": "T037141-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:virtualization__4.15.5"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.38",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.38",
"product_id": "T037940"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.38",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.38",
"product_id": "T037940-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.38"
}
}
},
{
"category": "product_version",
"name": "API for Data Protection 1",
"product": {
"name": "Red Hat OpenShift API for Data Protection 1",
"product_id": "T039224",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:api_for_data_protection_1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.23",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.23",
"product_id": "T039272"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.23",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.23",
"product_id": "T039272-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.23"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.16.24",
"product": {
"name": "Red Hat OpenShift \u003c4.16.24",
"product_id": "T039438"
}
},
{
"category": "product_version",
"name": "4.16.24",
"product": {
"name": "Red Hat OpenShift 4.16.24",
"product_id": "T039438-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.16.24"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.18.10",
"product_id": "T043077"
}
},
{
"category": "product_version",
"name": "Container Platform 4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18.10",
"product_id": "T043077-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.18.10"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-25210",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2019-25210"
},
{
"cve": "CVE-2023-29483",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-29483"
},
{
"cve": "CVE-2023-45142",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-45289",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45289"
},
{
"cve": "CVE-2023-45290",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45290"
},
{
"cve": "CVE-2023-47108",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52425",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0874",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-0874"
},
{
"cve": "CVE-2024-1394",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-1394"
},
{
"cve": "CVE-2024-22189",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-22189"
},
{
"cve": "CVE-2024-2398",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-24783",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24783"
},
{
"cve": "CVE-2024-24784",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24784"
},
{
"cve": "CVE-2024-24785",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24785"
},
{
"cve": "CVE-2024-24786",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-28110",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28110"
},
{
"cve": "CVE-2024-28176",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28176"
},
{
"cve": "CVE-2024-28180",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-28757",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-28849",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29180",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-29180"
},
{
"cve": "CVE-2024-3177",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-3177"
},
{
"cve": "CVE-2024-3727",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-3727"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.