Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-68121 (GCVE-0-2025-68121)
Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29
VLAI
EPSS
Title
Unexpected session resumption in crypto/tls
Summary
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Severity
9.1 (Critical)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/tls |
Affected:
0 , < 1.24.13
(semver)
Affected: 1.25.0-0 , < 1.25.7 (semver) Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver) |
Credits
Coia Prant (github.com/rbqvq)
Go Security Team
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-68121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T03:55:46.305385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T13:29:25.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/tls",
"product": "crypto/tls",
"programRoutines": [
{
"name": "Conn.handshakeContext"
},
{
"name": "Conn.Handshake"
},
{
"name": "Conn.HandshakeContext"
},
{
"name": "Conn.Read"
},
{
"name": "Conn.Write"
},
{
"name": "Dial"
},
{
"name": "DialWithDialer"
},
{
"name": "Dialer.Dial"
},
{
"name": "Dialer.DialContext"
},
{
"name": "QUICConn.Start"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.13",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.7",
"status": "affected",
"version": "1.25.0-0",
"versionType": "semver"
},
{
"lessThan": "1.26.0-rc.3",
"status": "affected",
"version": "1.26.0-rc.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Coia Prant (github.com/rbqvq)"
},
{
"lang": "en",
"value": "Go Security Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295: Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T17:48:44.141Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"url": "https://go.dev/cl/737700"
},
{
"url": "https://go.dev/issue/77217"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"title": "Unexpected session resumption in crypto/tls"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-68121",
"datePublished": "2026-02-05T17:48:44.141Z",
"dateReserved": "2025-12-15T16:48:04.451Z",
"dateUpdated": "2026-04-29T13:29:25.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-68121",
"date": "2026-05-25",
"epss": "0.00018",
"percentile": "0.04801"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68121\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-02-05T18:16:10.857\",\"lastModified\":\"2026-04-29T14:16:16.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"},{\"lang\":\"es\",\"value\":\"Durante la reanudaci\u00f3n de la sesi\u00f3n en crypto/tls, si la Config subyacente tiene sus campos ClientCAs o RootCAs mutados entre el handshake inicial y el handshake reanudado, el handshake reanudado puede tener \u00e9xito cuando deber\u00eda haber fallado. Esto puede ocurrir cuando un usuario llama a Config.Clone y muta la Config devuelta, o usa Config.GetConfigForClient. Esto puede hacer que un cliente reanude una sesi\u00f3n con un servidor con el que no la habr\u00eda reanudado durante el handshake inicial, o hacer que un servidor reanude una sesi\u00f3n con un cliente con el que no la habr\u00eda reanudado durante el handshake inicial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.13\",\"matchCriteriaId\":\"9FEE539A-EDC2-4044-A38C-5A0FDF567509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.7\",\"matchCriteriaId\":\"B275853C-E253-485B-B469-31D1A7383965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E529A0EC-B944-4E2F-B26A-2A9F31AFF240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"553D6D90-140E-4A54-86A3-00E66AC30F3C\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/737700\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/77217\",\"source\":\"security@golang.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4337\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-29T03:55:46.305385Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-06T15:32:38.457Z\"}}], \"cna\": {\"title\": \"Unexpected session resumption in crypto/tls\", \"credits\": [{\"lang\": \"en\", \"value\": \"Coia Prant (github.com/rbqvq)\"}, {\"lang\": \"en\", \"value\": \"Go Security Team\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0-0\", \"lessThan\": \"1.25.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-rc.1\", \"lessThan\": \"1.26.0-rc.3\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/tls\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Conn.handshakeContext\"}, {\"name\": \"Conn.Handshake\"}, {\"name\": \"Conn.HandshakeContext\"}, {\"name\": \"Conn.Read\"}, {\"name\": \"Conn.Write\"}, {\"name\": \"Dial\"}, {\"name\": \"DialWithDialer\"}, {\"name\": \"Dialer.Dial\"}, {\"name\": \"Dialer.DialContext\"}, {\"name\": \"QUICConn.Start\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\"}, {\"url\": \"https://go.dev/cl/737700\"}, {\"url\": \"https://go.dev/issue/77217\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4337\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-02-05T17:48:44.141Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-68121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-29T13:29:25.582Z\", \"dateReserved\": \"2025-12-15T16:48:04.451Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-02-05T17:48:44.141Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:20085-1
Vulnerability from csaf_opensuse - Published: 2026-01-22 15:49 - Updated: 2026-01-22 15:49Summary
Security update for go1.25
Severity
Important
Notes
Title of the patch: Security update for go1.25
Description of the patch: This update for go1.25 fixes the following issues:
Update to go1.25.6 (released 2026-01-15) (bsc#1244485)
Security fixes:
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821).
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819).
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817).
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).
Other fixes:
* go#76392 os: package initialization hangs is Stdin is blocked
* go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled
* go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes
* go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386
* go#76776 runtime: race detector crash on ppc64le
* go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range
* go#76973 errors: errors.Join behavior changed in 1.25
Patchnames: openSUSE-Leap-16.0-174
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.25",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.25 fixes the following issues:\n\nUpdate to go1.25.6 (released 2026-01-15) (bsc#1244485)\n\nSecurity fixes:\n\n - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821).\n - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).\n - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819).\n - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817).\n - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816).\n - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).\n\nOther fixes:\n\n * go#76392 os: package initialization hangs is Stdin is blocked\n * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled\n * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes\n * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386\n * go#76776 runtime: race detector crash on ppc64le\n * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling \u0026lt;function\u0026gt;: runtime error: index out of range\n * go#76973 errors: errors.Join behavior changed in 1.25\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-174",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20085-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1244485",
"url": "https://bugzilla.suse.com/1244485"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.25",
"tracking": {
"current_release_date": "2026-01-22T15:49:20Z",
"generator": {
"date": "2026-01-22T15:49:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20085-1",
"initial_release_date": "2026-01-22T15:49:20Z",
"revision_history": [
{
"date": "2026-01-22T15:49:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-160000.1.1.aarch64",
"product": {
"name": "go1.25-1.25.6-160000.1.1.aarch64",
"product_id": "go1.25-1.25.6-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-160000.1.1.aarch64",
"product": {
"name": "go1.25-doc-1.25.6-160000.1.1.aarch64",
"product_id": "go1.25-doc-1.25.6-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.6-160000.1.1.aarch64",
"product": {
"name": "go1.25-libstd-1.25.6-160000.1.1.aarch64",
"product_id": "go1.25-libstd-1.25.6-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-160000.1.1.aarch64",
"product": {
"name": "go1.25-race-1.25.6-160000.1.1.aarch64",
"product_id": "go1.25-race-1.25.6-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-160000.1.1.ppc64le",
"product": {
"name": "go1.25-1.25.6-160000.1.1.ppc64le",
"product_id": "go1.25-1.25.6-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-160000.1.1.ppc64le",
"product": {
"name": "go1.25-doc-1.25.6-160000.1.1.ppc64le",
"product_id": "go1.25-doc-1.25.6-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-160000.1.1.ppc64le",
"product": {
"name": "go1.25-race-1.25.6-160000.1.1.ppc64le",
"product_id": "go1.25-race-1.25.6-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-160000.1.1.s390x",
"product": {
"name": "go1.25-1.25.6-160000.1.1.s390x",
"product_id": "go1.25-1.25.6-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-160000.1.1.s390x",
"product": {
"name": "go1.25-doc-1.25.6-160000.1.1.s390x",
"product_id": "go1.25-doc-1.25.6-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-160000.1.1.s390x",
"product": {
"name": "go1.25-race-1.25.6-160000.1.1.s390x",
"product_id": "go1.25-race-1.25.6-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.6-160000.1.1.x86_64",
"product": {
"name": "go1.25-1.25.6-160000.1.1.x86_64",
"product_id": "go1.25-1.25.6-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.6-160000.1.1.x86_64",
"product": {
"name": "go1.25-doc-1.25.6-160000.1.1.x86_64",
"product_id": "go1.25-doc-1.25.6-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.6-160000.1.1.x86_64",
"product": {
"name": "go1.25-libstd-1.25.6-160000.1.1.x86_64",
"product_id": "go1.25-libstd-1.25.6-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.6-160000.1.1.x86_64",
"product": {
"name": "go1.25-race-1.25.6-160000.1.1.x86_64",
"product_id": "go1.25-race-1.25.6-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64"
},
"product_reference": "go1.25-1.25.6-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le"
},
"product_reference": "go1.25-1.25.6-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x"
},
"product_reference": "go1.25-1.25.6-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.6-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64"
},
"product_reference": "go1.25-1.25.6-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64"
},
"product_reference": "go1.25-doc-1.25.6-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le"
},
"product_reference": "go1.25-doc-1.25.6-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x"
},
"product_reference": "go1.25-doc-1.25.6-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.6-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64"
},
"product_reference": "go1.25-doc-1.25.6-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.6-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64"
},
"product_reference": "go1.25-libstd-1.25.6-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.6-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64"
},
"product_reference": "go1.25-libstd-1.25.6-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64"
},
"product_reference": "go1.25-race-1.25.6-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le"
},
"product_reference": "go1.25-race-1.25.6-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x"
},
"product_reference": "go1.25-race-1.25.6-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.6-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
},
"product_reference": "go1.25-race-1.25.6-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.6-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.6-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T15:49:20Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20214-1
Vulnerability from csaf_opensuse - Published: 2026-02-13 10:08 - Updated: 2026-02-13 10:08Summary
Security update for go1.25
Severity
Critical
Notes
Title of the patch: Security update for go1.25
Description of the patch: This update for go1.25 fixes the following issues:
Update to version 1.25.7.
Security issues fixed:
- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does
not account for the expiration of full certificate chain (bsc#1256818).
Other updates and bugfixes:
- version update to 1.25.7:
* go#75844 cmd/compile: OOM killed on linux/arm64
* go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
* go#77425 crypto/tls: CL 737700 broke session resumption on macOS
Patchnames: openSUSE-Leap-16.0-269
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.6 (Critical)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.4 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.25",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.25 fixes the following issues:\n\nUpdate to version 1.25.7.\n\nSecurity issues fixed:\n\n- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does\n not account for the expiration of full certificate chain (bsc#1256818).\n\nOther updates and bugfixes:\n\n- version update to 1.25.7:\n\n * go#75844 cmd/compile: OOM killed on linux/arm64\n * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs\n * go#77425 crypto/tls: CL 737700 broke session resumption on macOS\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-269",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20214-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1244485",
"url": "https://bugzilla.suse.com/1244485"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1257692",
"url": "https://bugzilla.suse.com/1257692"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.25",
"tracking": {
"current_release_date": "2026-02-13T10:08:14Z",
"generator": {
"date": "2026-02-13T10:08:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20214-1",
"initial_release_date": "2026-02-13T10:08:14Z",
"revision_history": [
{
"date": "2026-02-13T10:08:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-doc-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-doc-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-libstd-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-libstd-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-race-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-race-1.25.7-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-1.25.7-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-doc-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-doc-1.25.7-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-race-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-race-1.25.7-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-1.25.7-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-doc-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-doc-1.25.7-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-race-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-race-1.25.7-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-doc-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-doc-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-libstd-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-libstd-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-race-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-race-1.25.7-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-doc-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-doc-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-doc-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-doc-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-libstd-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-libstd-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-race-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-race-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-race-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-race-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61732"
}
],
"notes": [
{
"category": "general",
"text": "A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61732",
"url": "https://www.suse.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "SUSE Bug 1257692 for CVE-2025-61732",
"url": "https://bugzilla.suse.com/1257692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T10:08:14Z",
"details": "critical"
}
],
"title": "CVE-2025-61732"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T10:08:14Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20220-1
Vulnerability from csaf_opensuse - Published: 2026-02-13 11:53 - Updated: 2026-02-13 11:53Summary
Security update for go1.24
Severity
Critical
Notes
Title of the patch: Security update for go1.24
Description of the patch: This update for go1.24 fixes the following issues:
Update to version 1.24.13.
Security issues fixed:
- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does
not account for the expiration of full certificate chain (bsc#1256818).
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820).
Other updates and bugfixes:
- version update to 1.24.13:
* go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
* go#77424 crypto/tls: CL 737700 broke session resumption on macOS
Patchnames: openSUSE-Leap-16.0-270
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.6 (Critical)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.24",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.24 fixes the following issues:\n\nUpdate to version 1.24.13.\n\nSecurity issues fixed:\n\n- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does\n not account for the expiration of full certificate chain (bsc#1256818).\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820).\n\nOther updates and bugfixes:\n\n- version update to 1.24.13:\n\n * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs\n * go#77424 crypto/tls: CL 737700 broke session resumption on macOS\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-270",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20220-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1236217",
"url": "https://bugzilla.suse.com/1236217"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1257692",
"url": "https://bugzilla.suse.com/1257692"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.24",
"tracking": {
"current_release_date": "2026-02-13T11:53:30Z",
"generator": {
"date": "2026-02-13T11:53:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20220-1",
"initial_release_date": "2026-02-13T11:53:30Z",
"revision_history": [
{
"date": "2026-02-13T11:53:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-doc-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-doc-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-libstd-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-libstd-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-race-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-race-1.24.13-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-doc-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-doc-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-race-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-race-1.24.13-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-doc-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-doc-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-race-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-race-1.24.13-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-doc-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-doc-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-libstd-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-libstd-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-race-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-race-1.24.13-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-doc-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-doc-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-doc-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-doc-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-libstd-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-libstd-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-race-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-race-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-race-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-race-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61732"
}
],
"notes": [
{
"category": "general",
"text": "A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61732",
"url": "https://www.suse.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "SUSE Bug 1257692 for CVE-2025-61732",
"url": "https://bugzilla.suse.com/1257692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T11:53:30Z",
"details": "critical"
}
],
"title": "CVE-2025-61732"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T11:53:30Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-libstd-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T11:53:30Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20301-1
Vulnerability from csaf_opensuse - Published: 2026-03-03 09:04 - Updated: 2026-03-03 09:04Summary
Security update for go1.25-openssl
Severity
Important
Notes
Title of the patch: Security update for go1.25-openssl
Description of the patch: This update for go1.25-openssl fixes the following issues:
- Update to version 1.25.7 (jsc#SLE-18320)
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821)
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820)
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819)
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817)
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816)
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818)
- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431)
- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SA (bsc#1254430)
- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255)
- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253)
- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260)
- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258)
- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259)
- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256)
- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261)
- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257)
- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254)
- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262)
Patchnames: openSUSE-Leap-16.0-339
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
79 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.25-openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.25-openssl fixes the following issues:\n\n- Update to version 1.25.7 (jsc#SLE-18320)\n- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821)\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820)\n- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819)\n- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817)\n- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816)\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818)\n- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431)\n- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn\u0027t preclude wildcard SA (bsc#1254430)\n- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255)\n- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253)\n- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260)\n- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258)\n- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259)\n- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256)\n- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261)\n- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257)\n- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254)\n- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-339",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20301-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1244485",
"url": "https://bugzilla.suse.com/1244485"
},
{
"category": "self",
"summary": "SUSE Bug 1245878",
"url": "https://bugzilla.suse.com/1245878"
},
{
"category": "self",
"summary": "SUSE Bug 1249985",
"url": "https://bugzilla.suse.com/1249985"
},
{
"category": "self",
"summary": "SUSE Bug 1251253",
"url": "https://bugzilla.suse.com/1251253"
},
{
"category": "self",
"summary": "SUSE Bug 1251254",
"url": "https://bugzilla.suse.com/1251254"
},
{
"category": "self",
"summary": "SUSE Bug 1251255",
"url": "https://bugzilla.suse.com/1251255"
},
{
"category": "self",
"summary": "SUSE Bug 1251256",
"url": "https://bugzilla.suse.com/1251256"
},
{
"category": "self",
"summary": "SUSE Bug 1251257",
"url": "https://bugzilla.suse.com/1251257"
},
{
"category": "self",
"summary": "SUSE Bug 1251258",
"url": "https://bugzilla.suse.com/1251258"
},
{
"category": "self",
"summary": "SUSE Bug 1251259",
"url": "https://bugzilla.suse.com/1251259"
},
{
"category": "self",
"summary": "SUSE Bug 1251260",
"url": "https://bugzilla.suse.com/1251260"
},
{
"category": "self",
"summary": "SUSE Bug 1251261",
"url": "https://bugzilla.suse.com/1251261"
},
{
"category": "self",
"summary": "SUSE Bug 1251262",
"url": "https://bugzilla.suse.com/1251262"
},
{
"category": "self",
"summary": "SUSE Bug 1254227",
"url": "https://bugzilla.suse.com/1254227"
},
{
"category": "self",
"summary": "SUSE Bug 1254430",
"url": "https://bugzilla.suse.com/1254430"
},
{
"category": "self",
"summary": "SUSE Bug 1254431",
"url": "https://bugzilla.suse.com/1254431"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE Bug 1257486",
"url": "https://bugzilla.suse.com/1257486"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.25-openssl",
"tracking": {
"current_release_date": "2026-03-03T09:04:46Z",
"generator": {
"date": "2026-03-03T09:04:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20301-1",
"initial_release_date": "2026-03-03T09:04:46Z",
"revision_history": [
{
"date": "2026-03-03T09:04:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"product": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"product_id": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
},
"product_reference": "go1.25-openssl-race-1.25.7-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47912"
}
],
"notes": [
{
"category": "general",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47912",
"url": "https://www.suse.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "SUSE Bug 1251257 for CVE-2025-47912",
"url": "https://bugzilla.suse.com/1251257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-47912"
},
{
"cve": "CVE-2025-58183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58183"
}
],
"notes": [
{
"category": "general",
"text": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58183",
"url": "https://www.suse.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "SUSE Bug 1251261 for CVE-2025-58183",
"url": "https://bugzilla.suse.com/1251261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58183"
},
{
"cve": "CVE-2025-58185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58185"
}
],
"notes": [
{
"category": "general",
"text": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58185",
"url": "https://www.suse.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "SUSE Bug 1251258 for CVE-2025-58185",
"url": "https://bugzilla.suse.com/1251258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58185"
},
{
"cve": "CVE-2025-58186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58186"
}
],
"notes": [
{
"category": "general",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58186",
"url": "https://www.suse.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "SUSE Bug 1251259 for CVE-2025-58186",
"url": "https://bugzilla.suse.com/1251259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58186"
},
{
"cve": "CVE-2025-58187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58187"
}
],
"notes": [
{
"category": "general",
"text": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58187",
"url": "https://www.suse.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "SUSE Bug 1251254 for CVE-2025-58187",
"url": "https://bugzilla.suse.com/1251254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58187"
},
{
"cve": "CVE-2025-58188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58188"
}
],
"notes": [
{
"category": "general",
"text": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58188",
"url": "https://www.suse.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "SUSE Bug 1251260 for CVE-2025-58188",
"url": "https://bugzilla.suse.com/1251260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-58188"
},
{
"cve": "CVE-2025-58189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58189"
}
],
"notes": [
{
"category": "general",
"text": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58189",
"url": "https://www.suse.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "SUSE Bug 1251255 for CVE-2025-58189",
"url": "https://bugzilla.suse.com/1251255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-58189"
},
{
"cve": "CVE-2025-61723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61723"
}
],
"notes": [
{
"category": "general",
"text": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61723",
"url": "https://www.suse.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "SUSE Bug 1251256 for CVE-2025-61723",
"url": "https://bugzilla.suse.com/1251256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61723"
},
{
"cve": "CVE-2025-61724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61724"
}
],
"notes": [
{
"category": "general",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61724",
"url": "https://www.suse.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "SUSE Bug 1251262 for CVE-2025-61724",
"url": "https://bugzilla.suse.com/1251262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61724"
},
{
"cve": "CVE-2025-61725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61725"
}
],
"notes": [
{
"category": "general",
"text": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61725",
"url": "https://www.suse.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "SUSE Bug 1251253 for CVE-2025-61725",
"url": "https://bugzilla.suse.com/1251253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61725"
},
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61727"
}
],
"notes": [
{
"category": "general",
"text": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61727",
"url": "https://www.suse.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "SUSE Bug 1254430 for CVE-2025-61727",
"url": "https://bugzilla.suse.com/1254430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61727"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61729"
}
],
"notes": [
{
"category": "general",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61729",
"url": "https://www.suse.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "SUSE Bug 1254431 for CVE-2025-61729",
"url": "https://bugzilla.suse.com/1254431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61729"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-doc-1.25.7-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-openssl-race-1.25.7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
OPENSUSE-SU-2026:20308-1
Vulnerability from csaf_opensuse - Published: 2026-03-03 17:46 - Updated: 2026-03-03 17:46Summary
Security update for go1.24-openssl
Severity
Critical
Notes
Title of the patch: Security update for go1.24-openssl
Description of the patch: This update for go1.24-openssl fixes the following issues:
- Update to version 1.24.13 (jsc#SLE-18320)
- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255)
- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253)
- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260)
- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258)
- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259)
- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256)
- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261)
- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257)
- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254)
- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262)
- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431)
- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN. (bsc#1254430)
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821)
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819)
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817)
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816)
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818)
- CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692)
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820)
Patchnames: openSUSE-Leap-16.0-346
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.6 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
83 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.24-openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.24-openssl fixes the following issues:\n\n- Update to version 1.24.13 (jsc#SLE-18320)\n- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255)\n- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253)\n- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260)\n- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258)\n- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259)\n- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256)\n- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261)\n- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257)\n- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254)\n- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262)\n- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431)\n- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn\u0027t preclude wildcard SAN. (bsc#1254430)\n- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821)\n- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819)\n- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817)\n- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816)\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818)\n- CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692)\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-346",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20308-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1236217",
"url": "https://bugzilla.suse.com/1236217"
},
{
"category": "self",
"summary": "SUSE Bug 1245878",
"url": "https://bugzilla.suse.com/1245878"
},
{
"category": "self",
"summary": "SUSE Bug 1247816",
"url": "https://bugzilla.suse.com/1247816"
},
{
"category": "self",
"summary": "SUSE Bug 1248082",
"url": "https://bugzilla.suse.com/1248082"
},
{
"category": "self",
"summary": "SUSE Bug 1249985",
"url": "https://bugzilla.suse.com/1249985"
},
{
"category": "self",
"summary": "SUSE Bug 1251253",
"url": "https://bugzilla.suse.com/1251253"
},
{
"category": "self",
"summary": "SUSE Bug 1251254",
"url": "https://bugzilla.suse.com/1251254"
},
{
"category": "self",
"summary": "SUSE Bug 1251255",
"url": "https://bugzilla.suse.com/1251255"
},
{
"category": "self",
"summary": "SUSE Bug 1251256",
"url": "https://bugzilla.suse.com/1251256"
},
{
"category": "self",
"summary": "SUSE Bug 1251257",
"url": "https://bugzilla.suse.com/1251257"
},
{
"category": "self",
"summary": "SUSE Bug 1251258",
"url": "https://bugzilla.suse.com/1251258"
},
{
"category": "self",
"summary": "SUSE Bug 1251259",
"url": "https://bugzilla.suse.com/1251259"
},
{
"category": "self",
"summary": "SUSE Bug 1251260",
"url": "https://bugzilla.suse.com/1251260"
},
{
"category": "self",
"summary": "SUSE Bug 1251261",
"url": "https://bugzilla.suse.com/1251261"
},
{
"category": "self",
"summary": "SUSE Bug 1251262",
"url": "https://bugzilla.suse.com/1251262"
},
{
"category": "self",
"summary": "SUSE Bug 1254430",
"url": "https://bugzilla.suse.com/1254430"
},
{
"category": "self",
"summary": "SUSE Bug 1254431",
"url": "https://bugzilla.suse.com/1254431"
},
{
"category": "self",
"summary": "SUSE Bug 1256816",
"url": "https://bugzilla.suse.com/1256816"
},
{
"category": "self",
"summary": "SUSE Bug 1256817",
"url": "https://bugzilla.suse.com/1256817"
},
{
"category": "self",
"summary": "SUSE Bug 1256818",
"url": "https://bugzilla.suse.com/1256818"
},
{
"category": "self",
"summary": "SUSE Bug 1256819",
"url": "https://bugzilla.suse.com/1256819"
},
{
"category": "self",
"summary": "SUSE Bug 1256820",
"url": "https://bugzilla.suse.com/1256820"
},
{
"category": "self",
"summary": "SUSE Bug 1256821",
"url": "https://bugzilla.suse.com/1256821"
},
{
"category": "self",
"summary": "SUSE Bug 1257692",
"url": "https://bugzilla.suse.com/1257692"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47912 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58183 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58186 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58187 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61723 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68119 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68121 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68121/"
}
],
"title": "Security update for go1.24-openssl",
"tracking": {
"current_release_date": "2026-03-03T17:46:58Z",
"generator": {
"date": "2026-03-03T17:46:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20308-1",
"initial_release_date": "2026-03-03T17:46:58Z",
"revision_history": [
{
"date": "2026-03-03T17:46:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"product": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"product_id": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
},
"product_reference": "go1.24-openssl-race-1.24.13-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47912"
}
],
"notes": [
{
"category": "general",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47912",
"url": "https://www.suse.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "SUSE Bug 1251257 for CVE-2025-47912",
"url": "https://bugzilla.suse.com/1251257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-47912"
},
{
"cve": "CVE-2025-58183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58183"
}
],
"notes": [
{
"category": "general",
"text": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58183",
"url": "https://www.suse.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "SUSE Bug 1251261 for CVE-2025-58183",
"url": "https://bugzilla.suse.com/1251261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58183"
},
{
"cve": "CVE-2025-58185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58185"
}
],
"notes": [
{
"category": "general",
"text": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58185",
"url": "https://www.suse.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "SUSE Bug 1251258 for CVE-2025-58185",
"url": "https://bugzilla.suse.com/1251258"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58185"
},
{
"cve": "CVE-2025-58186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58186"
}
],
"notes": [
{
"category": "general",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58186",
"url": "https://www.suse.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "SUSE Bug 1251259 for CVE-2025-58186",
"url": "https://bugzilla.suse.com/1251259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58186"
},
{
"cve": "CVE-2025-58187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58187"
}
],
"notes": [
{
"category": "general",
"text": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58187",
"url": "https://www.suse.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "SUSE Bug 1251254 for CVE-2025-58187",
"url": "https://bugzilla.suse.com/1251254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58187"
},
{
"cve": "CVE-2025-58188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58188"
}
],
"notes": [
{
"category": "general",
"text": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58188",
"url": "https://www.suse.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "SUSE Bug 1251260 for CVE-2025-58188",
"url": "https://bugzilla.suse.com/1251260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-58188"
},
{
"cve": "CVE-2025-58189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58189"
}
],
"notes": [
{
"category": "general",
"text": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58189",
"url": "https://www.suse.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "SUSE Bug 1251255 for CVE-2025-58189",
"url": "https://bugzilla.suse.com/1251255"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-58189"
},
{
"cve": "CVE-2025-61723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61723"
}
],
"notes": [
{
"category": "general",
"text": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61723",
"url": "https://www.suse.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "SUSE Bug 1251256 for CVE-2025-61723",
"url": "https://bugzilla.suse.com/1251256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61723"
},
{
"cve": "CVE-2025-61724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61724"
}
],
"notes": [
{
"category": "general",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61724",
"url": "https://www.suse.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "SUSE Bug 1251262 for CVE-2025-61724",
"url": "https://bugzilla.suse.com/1251262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61724"
},
{
"cve": "CVE-2025-61725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61725"
}
],
"notes": [
{
"category": "general",
"text": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61725",
"url": "https://www.suse.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "SUSE Bug 1251253 for CVE-2025-61725",
"url": "https://bugzilla.suse.com/1251253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61725"
},
{
"cve": "CVE-2025-61726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61726"
}
],
"notes": [
{
"category": "general",
"text": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61726",
"url": "https://www.suse.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "SUSE Bug 1256817 for CVE-2025-61726",
"url": "https://bugzilla.suse.com/1256817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61726"
},
{
"cve": "CVE-2025-61727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61727"
}
],
"notes": [
{
"category": "general",
"text": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61727",
"url": "https://www.suse.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "SUSE Bug 1254430 for CVE-2025-61727",
"url": "https://bugzilla.suse.com/1254430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61727"
},
{
"cve": "CVE-2025-61728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61728"
}
],
"notes": [
{
"category": "general",
"text": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61728",
"url": "https://www.suse.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "SUSE Bug 1256816 for CVE-2025-61728",
"url": "https://bugzilla.suse.com/1256816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61728"
},
{
"cve": "CVE-2025-61729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61729"
}
],
"notes": [
{
"category": "general",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61729",
"url": "https://www.suse.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "SUSE Bug 1254431 for CVE-2025-61729",
"url": "https://bugzilla.suse.com/1254431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61729"
},
{
"cve": "CVE-2025-61730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61730"
}
],
"notes": [
{
"category": "general",
"text": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61730",
"url": "https://www.suse.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "SUSE Bug 1256821 for CVE-2025-61730",
"url": "https://bugzilla.suse.com/1256821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-61730"
},
{
"cve": "CVE-2025-61731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61731"
}
],
"notes": [
{
"category": "general",
"text": "Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61731",
"url": "https://www.suse.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "SUSE Bug 1256819 for CVE-2025-61731",
"url": "https://bugzilla.suse.com/1256819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-61731"
},
{
"cve": "CVE-2025-61732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61732"
}
],
"notes": [
{
"category": "general",
"text": "A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61732",
"url": "https://www.suse.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "SUSE Bug 1257692 for CVE-2025-61732",
"url": "https://bugzilla.suse.com/1257692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "critical"
}
],
"title": "CVE-2025-61732"
},
{
"cve": "CVE-2025-68119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68119"
}
],
"notes": [
{
"category": "general",
"text": "Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68119",
"url": "https://www.suse.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "SUSE Bug 1256820 for CVE-2025-68119",
"url": "https://bugzilla.suse.com/1256820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-68119"
},
{
"cve": "CVE-2025-68121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68121"
}
],
"notes": [
{
"category": "general",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68121",
"url": "https://www.suse.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "SUSE Bug 1256818 for CVE-2025-68121",
"url": "https://bugzilla.suse.com/1256818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-doc-1.24.13-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.24-openssl-race-1.24.13-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T17:46:58Z",
"details": "important"
}
],
"title": "CVE-2025-68121"
}
]
}
RHSA-2026:10125
Vulnerability from csaf_redhat - Published: 2026-04-23 12:15 - Updated: 2026-05-26 08:14Summary
Red Hat Security Advisory: RHTAS 1.3.4 - Red Hat Trusted Artifact Signer Release
Severity
Important
Notes
Topic: The 1.3.4 release of Red Hat Trusted Artifact Signer OpenShift Operator.
For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
Details: The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
9.6 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
71 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.4 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10125",
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33747",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33748",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10125.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.4 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-05-26T08:14:48+00:00",
"generator": {
"date": "2026-05-26T08:14:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:10125",
"initial_release_date": "2026-04-23T12:15:28+00:00",
"revision_history": [
{
"date": "2026-04-23T12:15:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T12:15:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T08:14:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64",
"product": {
"name": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64",
"product_id": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64",
"product_identification_helper": {
"purl": "pkg:oci/client-server-rhel9@sha256%3A9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1776339099"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
},
"product_reference": "registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-33747",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T02:01:29.921765+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452076"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit, a toolkit for converting source code to build artifacts. An untrusted BuildKit frontend can be leveraged to craft a malicious API message, allowing files to be written outside of the designated BuildKit state directory. This vulnerability, which is a form of arbitrary file write, could enable an attacker to execute unauthorized code or escalate their privileges on the system. This issue arises when custom BuildKit frontends are used with specific configuration options.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33747"
},
{
"category": "external",
"summary": "RHBZ#2452076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33747"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33747"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4c29-8rgm-jvjj"
}
],
"release_date": "2026-03-27T00:49:06.165000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid using untrusted BuildKit frontends. Restrict the use of custom BuildKit frontends to only those from verified and trusted sources. Do not specify untrusted frontends via `#syntax` or `--build-arg BUILDKIT_SYNTAX`.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend"
},
{
"cve": "CVE-2026-33748",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-27T15:02:00.107493+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452271"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in BuildKit. Insufficient validation of Git URL fragment subdirectory components may allow a remote attacker to access files outside the checked-out Git repository root. This access is limited to files on the same mounted filesystem. This vulnerability could lead to unauthorized information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33748"
},
{
"category": "external",
"summary": "RHBZ#2452271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33748"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33748"
},
{
"category": "external",
"summary": "https://docs.docker.com/build/concepts/context/#url-fragments",
"url": "https://docs.docker.com/build/concepts/context/#url-fragments"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/releases/tag/v0.28.1",
"url": "https://github.com/moby/buildkit/releases/tag/v0.28.1"
},
{
"category": "external",
"summary": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4vrq-3vrq-g6gg"
}
],
"release_date": "2026-03-27T14:00:21.200000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T12:15:28+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/client-server-rhel9@sha256:9607f5c16d8e9d7ee2491ac04db78a52eb13ee0e93eeef79ff8bb6c8f9430c72_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:10158
Vulnerability from csaf_redhat - Published: 2026-04-23 14:13 - Updated: 2026-05-26 09:25Summary
Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2
Severity
Important
Notes
Topic: Red Hat OpenShift Builds 1.7.2
Details: Releases of Red Hat OpenShift Builds 1.7.2
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Threats
Impact
Moderate
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
9.6 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Threats
Impact
Important
References
58 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Builds 1.7.2",
"title": "Topic"
},
{
"category": "general",
"text": "Releases of Red Hat OpenShift Builds 1.7.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10158",
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7",
"url": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10158.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2",
"tracking": {
"current_release_date": "2026-05-26T09:25:45+00:00",
"generator": {
"date": "2026-05-26T09:25:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:10158",
"initial_release_date": "2026-04-23T14:13:54+00:00",
"revision_history": [
{
"date": "2026-04-23T14:13:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T14:14:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:25:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Builds 1.7.2",
"product": {
"name": "Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_builds:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Builds"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3Af5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-operator-bundle@sha256%3A093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776937971"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Af2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Aeb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Ab020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Acd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Aec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Af17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Aa4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3Ab39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Ab2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3Ae593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T14:13:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10158"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:10225
Vulnerability from csaf_redhat - Published: 2026-04-23 18:54 - Updated: 2026-05-26 09:03Summary
Red Hat Security Advisory: Red Hat Web Terminal Operator 1.12.0 release.
Severity
Important
Notes
Topic: Red Hat Web Terminal Operator 1.12.0 has been released.
Details: The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — |
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — |
Threats
Impact
Moderate
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 | — |
Workaround
|
Threats
Impact
Important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.12.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10225",
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-360",
"url": "https://redhat.atlassian.net/browse/WTO-360"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-362",
"url": "https://redhat.atlassian.net/browse/WTO-362"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-365",
"url": "https://redhat.atlassian.net/browse/WTO-365"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-370",
"url": "https://redhat.atlassian.net/browse/WTO-370"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-380",
"url": "https://redhat.atlassian.net/browse/WTO-380"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-385",
"url": "https://redhat.atlassian.net/browse/WTO-385"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-389",
"url": "https://redhat.atlassian.net/browse/WTO-389"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10225.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.12.0 release.",
"tracking": {
"current_release_date": "2026-05-26T09:03:05+00:00",
"generator": {
"date": "2026-05-26T09:03:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:10225",
"initial_release_date": "2026-04-23T18:54:04+00:00",
"revision_history": [
{
"date": "2026-04-23T18:54:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T18:54:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T09:03:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.12",
"product": {
"name": "Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.12::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3A0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776959849"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3A78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776959828"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3A1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776959800"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3A74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776959862"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T18:54:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:0d1d6a7ab4d79ce38526b5cba5b2bf7cfcb4229384115e71770a4f47db5575e2_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:1be7fa359ffbd5516fe2edea73d6357c14487043300bbdedf638442995a48a05_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78bf63531eca4a31679ce352adf95cbce86ecaa9dded662cc5d19e573c5e8c38_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:74189cad04c4a910367bd79b404f36f42f6379d943a1c96a4d99aa5d8aa8fe15_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
}
]
}
RHSA-2026:10250
Vulnerability from csaf_redhat - Published: 2026-04-23 20:17 - Updated: 2026-05-26 05:25Summary
Red Hat Security Advisory: Red Hat Web Terminal Operator 1.11.0 release.
Severity
Important
Notes
Topic: Red Hat Web Terminal Operator 1.11.0 has been released.
Details: The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — |
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — |
Threats
Impact
Moderate
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 | — |
Workaround
|
Threats
Impact
Important
References
53 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.11.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10250",
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-364",
"url": "https://redhat.atlassian.net/browse/WTO-364"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-369",
"url": "https://redhat.atlassian.net/browse/WTO-369"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-374",
"url": "https://redhat.atlassian.net/browse/WTO-374"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-379",
"url": "https://redhat.atlassian.net/browse/WTO-379"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-384",
"url": "https://redhat.atlassian.net/browse/WTO-384"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-387",
"url": "https://redhat.atlassian.net/browse/WTO-387"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10250.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.11.0 release.",
"tracking": {
"current_release_date": "2026-05-26T05:25:32+00:00",
"generator": {
"date": "2026-05-26T05:25:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:10250",
"initial_release_date": "2026-04-23T20:17:23+00:00",
"revision_history": [
{
"date": "2026-04-23T20:17:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-23T20:17:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T05:25:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.11",
"product": {
"name": "Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3A3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776966691"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3A4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776966690"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3A02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776966665"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3Ada64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal\u0026tag=1776966742"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-23T20:17:23+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:3f023579aeb7ef51b78419eadc9a5336ad13d22d437566f57f134ffe8b195a44_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:02e55ec3e1891323a0a33432610bd6a1d792aa4a3d3d74419c862cd22b4d012c_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4a962859025e5e34351919c61cd8b62c31117ee85810675ef9a2f9e13f805395_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:da64b849bc965960d18250fe15ad3c07a9a648618c546a017d0a1c843e623d4a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
}
]
}
RHSA-2026:11331
Vulnerability from csaf_redhat - Published: 2026-04-28 07:19 - Updated: 2026-05-26 08:15Summary
Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2
Severity
Important
Notes
Topic: Red Hat OpenShift Builds 1.7.2
Details: Releases of Red Hat OpenShift Builds 1.7.2
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Threats
Impact
Moderate
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
Threats
Impact
Important
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod's filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.
9.6 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
8.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x | — |
Threats
Impact
Important
References
58 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Builds 1.7.2",
"title": "Topic"
},
{
"category": "general",
"text": "Releases of Red Hat OpenShift Builds 1.7.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11331",
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33211",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7",
"url": "https://docs.redhat.com/en/documentation/builds_for_red_hat_openshift/1.7"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11331.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2",
"tracking": {
"current_release_date": "2026-05-26T08:15:07+00:00",
"generator": {
"date": "2026-05-26T08:15:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:11331",
"initial_release_date": "2026-04-28T07:19:47+00:00",
"revision_history": [
{
"date": "2026-04-28T07:19:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-28T07:20:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-26T08:15:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Builds 1.7.2",
"product": {
"name": "Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_builds:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Builds"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3Af5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-operator-bundle@sha256%3A093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776937971"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Af2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3A153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495?arch=amd64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3Aeb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3A7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3Ab020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Acd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Aec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3A678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Af17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3A779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-controller-rhel9@sha256%3A5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-git-cloner-rhel9@sha256%3Aa4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776847166"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-bundler-rhel9@sha256%3A8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-image-processing-rhel9@sha256%3A679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776849396"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-rhel9-operator@sha256%3A7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776860241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-rhel9@sha256%3Ab39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776851459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-shared-resource-webhook-rhel9@sha256%3A1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776852111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-waiters-rhel9@sha256%3Ab2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product_id": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-builds-webhook-rhel9@sha256%3Ae593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-builds\u0026tag=1776846493"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64 as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x as a component of Red Hat OpenShift Builds 1.7.2",
"product_id": "Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
},
"product_reference": "registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Builds 1.7.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33211",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-24T00:02:20.093480+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Tekton Pipelines, specifically in the Tekton Pipelines git resolver. A tenant with permissions to create ResolutionRequests can exploit a path traversal vulnerability via the `pathInRepo` parameter. This allows the tenant to read arbitrary files from the resolver pod\u0027s filesystem, leading to information disclosure, including sensitive ServiceAccount tokens. The contents of these files are returned in a base64-encoded format.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to have the permission to create ResolutionRequests (e.g., by creating TaskRuns or PipelineRuns that use the git resolver) within at least one specific namespace, limiting the exposure of this issue to authenticated users. Also, an attacker can read any file readable by the resolver pod process, including cluster secrets, allowing an escalation of privileges from namespace-scoped access to cluster-wide access. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33211"
},
{
"category": "external",
"summary": "RHBZ#2450554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c",
"url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5",
"url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd",
"url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae",
"url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e",
"url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db",
"url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78",
"url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
},
{
"category": "external",
"summary": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c",
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
}
],
"release_date": "2026-03-23T23:55:54.089000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the creation of ResolutionRequests to trusted users and service accounts. Implement strict Role-Based Access Control (RBAC) policies to limit which tenants can create TaskRuns or PipelineRuns that utilize the Tekton Pipelines git resolver. This reduces the exposure by preventing unauthorized access to the resolver pod\u0027s filesystem.",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:19:47+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Builds 1.7.1 upgrades to to 1.7.2",
"product_ids": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11331"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5008dcb0428a0837b9abd827963e7008c8e16af8cfcbd432421286fca63fe714_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:5856cba3fe26ab7f756ba93e06caa6e522336ff36ff4c515132a8d35c85a2f64_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:6ddf185f2714d45fab92c831bf32673da55c7a43dbcf1bd22090b203791e03b2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-controller-rhel9@sha256:eb32b129ea6a10b4aada4313ff11b04c33b99877eea9a5e567245d361d69f140_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:165f6085028f3859f6ede9176d413274ee1a457b72cd9c437795146c20b0722c_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:7a39f26f51bcbb4ef395208db01e2b0ee8b1fe9b15b3701c9c35d8f636f790d9_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:a4d609ff22b610b625a74fffd22883d5debe93c2e0c6ae2bcbbfd8f5f6b2cf12_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-git-cloner-rhel9@sha256:ec02f5f031fefd5a610b69a81be5350f96e54511e2d2c619e8b9fe8f193297b6_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:0070df2a8c7882ae021000c498ead96b19f1bd6819e46657d5898cb71e6ec506_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:4b578a8ef1579d7168b7f0a1b7cebe66213003f8225a86cfdd4c9f24a5e2d871_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:8d6371a5fe374e3bc5c19a930ea712d266fab13a722768204b128bc71e928c97_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-bundler-rhel9@sha256:985b19d79b3e54fc8b99b9b0239b74dcf6d0102d3ff0cd5363ae4627069d2ee1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:2a0a6ea6465a6d165f072ef782a1825cc16ecfb2f8c58d5ec58c1d40d02e5208_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:679b470190ff7a7fc04e283884be4f24d1b0c475d0730fb718f2f45c60551b61_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:9734d0dc0367884e128837b7d02038a3b4136c4865ed3dc90902801393e178b4_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-image-processing-rhel9@sha256:f5f35702e424cd4e9b768c59d44928844b2d09fbb98d368ae7b54b7ec0771d13_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-operator-bundle@sha256:093834bac2e2f7f01968ef542b9bcbf5fbe530c9f0dd86521825797abb4a33a2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:190edd3effb60c56c885fc964d3eb48076293e1e43d745c4615ed00ef7daa145_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:382be8775c61942123adac2acec9f48085ebf7fd2b286c20e36a33ea6462baa7_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:5e83175abaef1e3046bac94621a86e036317833c740cdd6d235f1133a1388dd3_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-rhel9-operator@sha256:7173a298b07cbde3cd9ff12ca25f26ccf79b9ff8cfcb35a001c9f8c0b0291436_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:16cf5e33f297c027686d3ba9c6cbb01dba7a39299e2765fe4eaacc892b32f0d1_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:4715242f98234d2018f8317d9a57f63ff23b4d63be96491d55af2a2ef4572261_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:678c8d38900d994c4aa2e23669b7901747028690a4c5e4ba9aced4cbfe22b248_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-rhel9@sha256:b39a2930e310d432a840798f03f7e55b8da42ff16ccda31790f85558d2be2537_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:1d01e27a3cdea6c99a985b877e29629d1c1fb00203f4a90c45db6df7a602e2cc_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:88b38ad10068e0574d2e5934849b98429c69305633b42aa4d19822ede2a6e10d_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:b020334c46f2d7276ba0c3aa8be7951254b197b2da310f0c22d2e16681a6a265_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-shared-resource-webhook-rhel9@sha256:f2c222424cd66659ebea6787b6934c2d01d9eeb4f7db03ebfa16ab7b65aeb5b2_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:153f9e059139e6dbaeb2e5166d21bfeec59a59aa5cd8045e11dbfa091479b4bb_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:b2173caa314ae26d2a300f61cfa94031c34fe7676fd007418849212082db3636_s390x",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:cd9ada6b38c080eec45e1d053ec305dde2d574899019ffb01a28dbe1dd582912_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-waiters-rhel9@sha256:f17eb032f7250aa4a3bb99e2754fa4cb0dbfc9fbbb8c787f70ad30b71b27b5a2_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:1a57b53f8642ccb95884687efc251ad52e8ee3e718b55d0f4d21f800dfd3f5fa_arm64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:6234cfecf4dd75b8c4ff1c527ad4eb306d966cfa0170ecdb8ea4bc69c2cdc495_amd64",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:779e75a94141db7f8223b9861ba2fa3ba8baf6fa470bb0ab109945d75e20121b_ppc64le",
"Red Hat OpenShift Builds 1.7.2:registry.redhat.io/openshift-builds/openshift-builds-webhook-rhel9@sha256:e593bebc4e753ac3c4cdd1be05711452dbda6e3b015b37926fa804851bdad6a8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…