Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-42282 (GCVE-0-2023-42282)
Vulnerability from cvelistv5 – Published: 2024-02-08 00:00 – Updated: 2025-05-15 19:42
VLAI
EPSS
Summary
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:51.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42282",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:58:36.885808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:42:13.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T21:53:10.340Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
},
{
"url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894"
},
{
"url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0008/"
},
{
"url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42282",
"datePublished": "2024-02-08T00:00:00.000Z",
"dateReserved": "2023-09-08T00:00:00.000Z",
"dateUpdated": "2025-05-15T19:42:13.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-42282",
"date": "2026-05-30",
"epss": "0.0067",
"percentile": "0.71696"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-42282\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-02-08T17:15:10.840\",\"lastModified\":\"2025-05-15T20:15:26.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.\"},{\"lang\":\"es\",\"value\":\"Un problema en el paquete IP NPM v.1.1.8 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n isPublic().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.1.9\",\"matchCriteriaId\":\"3117142B-3F19-42D1-8A43-EEE2ECA4BA6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedorindutny:ip:2.0.0:*:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"45CEC4AC-81A3-4E86-A25C-292D4755A13F\"}]}]}],\"references\":[{\"url\":\"https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240315-0008/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240315-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240315-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:16:51.020Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-42282\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T15:58:36.885808Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T15:58:38.458Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html\"}, {\"url\": \"https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894\"}, {\"url\": \"https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240315-0008/\"}, {\"url\": \"https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-07-03T21:53:10.340Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-42282\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-15T19:42:13.205Z\", \"dateReserved\": \"2023-09-08T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-02-08T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024:3868
Vulnerability from csaf_redhat - Published: 2024-06-17 00:43 - Updated: 2026-05-30 14:30Summary
Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Severity
Important
Notes
Topic: Network Observability 1.6 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Network Observability 1.6.0
Security Fix(es):
* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak
* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function
* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
* CVE-2024-28849 follow-redirects: Possible credential leak
* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm
* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping
* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).
5.3 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.
9.8 (Critical)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
5.3 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
5.3 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
5.9 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
6.5 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
5.9 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.
6.5 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Express.js minimalist web framework for node. Upstream versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in upstream version 4.19.2 and 5.0.0-beta.3.
6.1 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
7.4 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
93 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.6 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Network Observability 1.6.0\n\nSecurity Fix(es):\n\n* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak\n* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON\n* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function\n* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests\n* CVE-2024-28849 follow-redirects: Possible credential leak\n* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm\n* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect\n* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm\n* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping\n* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3868",
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "external",
"summary": "NETOBSERV-1279",
"url": "https://issues.redhat.com/browse/NETOBSERV-1279"
},
{
"category": "external",
"summary": "NETOBSERV-1408",
"url": "https://issues.redhat.com/browse/NETOBSERV-1408"
},
{
"category": "external",
"summary": "NETOBSERV-1424",
"url": "https://issues.redhat.com/browse/NETOBSERV-1424"
},
{
"category": "external",
"summary": "NETOBSERV-1453",
"url": "https://issues.redhat.com/browse/NETOBSERV-1453"
},
{
"category": "external",
"summary": "NETOBSERV-1459",
"url": "https://issues.redhat.com/browse/NETOBSERV-1459"
},
{
"category": "external",
"summary": "NETOBSERV-1462",
"url": "https://issues.redhat.com/browse/NETOBSERV-1462"
},
{
"category": "external",
"summary": "NETOBSERV-1544",
"url": "https://issues.redhat.com/browse/NETOBSERV-1544"
},
{
"category": "external",
"summary": "NETOBSERV-1598",
"url": "https://issues.redhat.com/browse/NETOBSERV-1598"
},
{
"category": "external",
"summary": "NETOBSERV-1606",
"url": "https://issues.redhat.com/browse/NETOBSERV-1606"
},
{
"category": "external",
"summary": "NETOBSERV-1607",
"url": "https://issues.redhat.com/browse/NETOBSERV-1607"
},
{
"category": "external",
"summary": "NETOBSERV-1621",
"url": "https://issues.redhat.com/browse/NETOBSERV-1621"
},
{
"category": "external",
"summary": "NETOBSERV-1630",
"url": "https://issues.redhat.com/browse/NETOBSERV-1630"
},
{
"category": "external",
"summary": "NETOBSERV-1647",
"url": "https://issues.redhat.com/browse/NETOBSERV-1647"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3868.json"
}
],
"title": "Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift",
"tracking": {
"current_release_date": "2026-05-30T14:30:04+00:00",
"generator": {
"date": "2026-05-30T14:30:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:3868",
"initial_release_date": "2024-06-17T00:43:37+00:00",
"revision_history": [
{
"date": "2024-06-17T00:43:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-17T00:43:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T14:30:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NETOBSERV 1.6 for RHEL 9",
"product": {
"name": "NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"product_id": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"product_id": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.6.0-66"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.6.0-78"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.6.0-66"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64 as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le as a component of NETOBSERV 1.6 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39326",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39326"
},
{
"category": "external",
"summary": "RHBZ#2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2382",
"url": "https://pkg.go.dev/vuln/GO-2023-2382"
}
],
"release_date": "2023-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "No mitigation is available for this flaw.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests"
},
{
"cve": "CVE-2023-42282",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2265161"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ip: arbitrary code execution via the isPublic() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.\n\nRed Hat Developer Hub contains a fix in 1.1-91 version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-42282"
},
{
"category": "external",
"summary": "RHBZ#2265161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282"
},
{
"category": "external",
"summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
}
],
"release_date": "2024-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-ip: arbitrary code execution via the isPublic() function"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268046"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "RHBZ#2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://go.dev/cl/569356",
"url": "https://go.dev/cl/569356"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
"url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2611",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2269576"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Possible credential leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28849"
},
{
"category": "external",
"summary": "RHBZ#2269576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
}
],
"release_date": "2024-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Possible credential leak"
},
{
"cve": "CVE-2024-29041",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2024-06-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2290901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Express.js minimalist web framework for node. Upstream versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This issue can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in upstream version 4.19.2 and 5.0.0-beta.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: cause malformed URLs to be evaluated",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 only uses express as part of build time development dependency, it is not part of the final product delivery.\n\nUpstream versions should not be relied upon for ultimate determination of affectedness. Red Hat might backport fixes from upstream versions on a case by case basis.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29041"
},
{
"category": "external",
"summary": "RHBZ#2290901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29041"
},
{
"category": "external",
"summary": "https://expressjs.com/en/4x/api.html#res.location",
"url": "https://expressjs.com/en/4x/api.html#res.location"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
"url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
"url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/pull/5539",
"url": "https://github.com/expressjs/express/pull/5539"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
},
{
"category": "external",
"summary": "https://github.com/koajs/koa/issues/1800",
"url": "https://github.com/koajs/koa/issues/1800"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "express: cause malformed URLs to be evaluated"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents a important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-17T00:43:37+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3868"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:2791f24b0410092f1f87ff0cc37b0b17f149b20446d755995c4fc5fb2f937f15_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:798960bd10c9b7f5b688b605e50e01087361eafcc0c844394fc7762f3ca88443_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b4859faa6fb6d2a2e28100004d3daca28c7be7501aaffa92113093083de32728_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-cli-rhel9@sha256:b6588b788130d3a04d02778684aff2ce895e329115929416d9c006e2b1a86982_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:1ced6f1518fc53dfd52df9e2e823b120713eb0c894c55a5cc8925e781e2cf6cc_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:3f651994af1446e77a82b9d09786312c15d81b167766989889d3e13d365ea483_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:42a46f4b81016b1f9ad0532dc0e79286feaf6c1a764ee227d4b77b1607b90f91_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-console-plugin-rhel9@sha256:dc8d6de0a66d862bdadcfe32ead8c5f70466d40877d58fdb3de05aa703660d65_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:917b0c08532d6014acfa9b21fdb8db5d4980353151527ad0af6ec196884233bf_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:946b8f7d232509a056c8cddb800f4c8101dca3bbc4287f86369432ed76062b5b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d67320b31e2a18b6d375ced73ec075e9057bf2273246f8fe0e82172a44c1d0f7_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:f8e75d101cee6a6f28a43daeb9f72a32e81968228ca424c7ee9cd68c31d7c40d_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:09c7ec9405783b3a70876a17e5c498c508ee93dc44c2a2de3ec4daabba4995ea_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2405a8a51271fb13c5a716824540b4ae5e0cdf9af62ae7257f9686ae31c853f1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:73cc801e1b025728d6a08840af59b5d156cb0d6c75104f4a4a896b37cb28373b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:9ddb62d832e7882c6279a5708a53f5d04c5b0736ee06159dfb82d7d1b7622b59_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:1eab84f961377b696cf46a8cddde4822949f78bedaea798140d79e59e7b646f9_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:30868483bc25d1a7c280f05ef84659e390b568422b205fffe12c3e15d8272c92_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:d935dbd477a42f9c7f48a7fd23a6390ec7cdc536a58c75782ef2bf771ff5e688_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-operator-bundle@sha256:e8f0fb2d6325764bff266705e8320a3b7a6d23370b4710b46231d4e675ccfe7b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:21c63e737590cb3f976549b46b8f5f20e305c3ea0621549aa6d727e0df3c7726_s390x",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:42b904be06a7a546ee0edbfbb3bfa5007734db1ab4dddb599ba92c334e0f2c43_amd64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:63ac578a124ee0d2b728e95290b0b9f67b714e3663e90eb7a99fd5ca29c47008_arm64",
"9Base-NETWORK-OBSERVABILITY-1.6.0:network-observability/network-observability-rhel9-operator@sha256:a38349c1375821d057f63f4f7f5f4ff454e0a7d32a5dd3889d0fc7f1dd2b1f41_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
WID-SEC-W-2024-0661
Vulnerability from csaf_certbund - Published: 2024-03-18 23:00 - Updated: 2024-05-02 22:00Summary
IBM App Connect Enterprise: Schwachstelle ermöglicht Codeausführung und Offenlegung
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um beliebigen Programmcode auszuführen und Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Es existiert eine Schwachstelle in IBM App Connect Enterprise. In der ip.isPublic() Funktion im Node.js IP Package besteht ein Server-Side Request Forgery Fehler. Durch das Senden einer speziell gestalteten Anfrage, die eine hexadezimale Darstellung einer privaten IP-Adresse verwendet, kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auf dem System auszuführen und vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Storage Scale
IBM
|
cpe:/a:ibm:spectrum_scale:-
|
— |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM App Connect Enterprise ausnutzen, um beliebigen Programmcode auszuf\u00fchren und Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0661 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0661.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0661 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0661"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-03-18",
"url": "https://www.ibm.com/support/pages/node/7144218"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7150147 vom 2024-05-03",
"url": "https://www.ibm.com/support/pages/node/7150147"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung und Offenlegung",
"tracking": {
"current_release_date": "2024-05-02T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:06:36.547+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0661",
"initial_release_date": "2024-03-18T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.0.0.25",
"product": {
"name": "IBM App Connect Enterprise \u003c11.0.0.25",
"product_id": "T033537"
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.11.2",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.11.2",
"product_id": "T033538"
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM Storage Scale",
"product": {
"name": "IBM Storage Scale",
"product_id": "T019402",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42282",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in IBM App Connect Enterprise. In der ip.isPublic() Funktion im Node.js IP Package besteht ein Server-Side Request Forgery Fehler. Durch das Senden einer speziell gestalteten Anfrage, die eine hexadezimale Darstellung einer privaten IP-Adresse verwendet, kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auf dem System auszuf\u00fchren und vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T019402"
]
},
"release_date": "2024-03-18T23:00:00.000+00:00",
"title": "CVE-2023-42282"
}
]
}
WID-SEC-W-2024-0858
Vulnerability from csaf_certbund - Published: 2024-04-14 22:00 - Updated: 2024-11-20 23:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein entfernter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
Es besteht eine Schwachstelle in IBM QRadar SIEM. Dieser Fehler besteht in der Komponente "follow-redirects" aufgrund eines offenen Umleitungsproblems, das es ermöglicht, einen Benutzer auf beliebige Websites umzuleiten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Phishing-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM Deployment Intelligence App <3.0.14
IBM / QRadar SIEM
|
Deployment Intelligence App <3.0.14 |
Es besteht eine Schwachstelle in IBM QRadar SIEM. Dieser Fehler besteht im Node.js IP-Paket aufgrund eines serverseitigen Request Forgery-Problems in der Funktion ip.isPublic(). Durch das Senden einer speziell gestalteten Anfrage, die eine hexadezimale Darstellung einer privaten IP-Adresse verwendet, kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auf dem System auszuführen und vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM Deployment Intelligence App <3.0.14
IBM / QRadar SIEM
|
Deployment Intelligence App <3.0.14 |
Es besteht eine Schwachstelle in IBM QRadar SIEM. Dieser Fehler besteht in der Komponente PostCSS aufgrund einer unsachgemäßen Eingabevalidierung. Durch die Verwendung eines speziell gestalteten externen Cascading Style Sheets (CSS) kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM Deployment Intelligence App <3.0.14
IBM / QRadar SIEM
|
Deployment Intelligence App <3.0.14 |
Es besteht eine Schwachstelle in IBM QRadar SIEM. Dieser Fehler besteht im Node.js-Modul "follow-redirects" aufgrund eines unzulässigen Autorisierungs-Header-Clearings. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM Deployment Intelligence App <3.0.14
IBM / QRadar SIEM
|
Deployment Intelligence App <3.0.14 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um Phishing-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren oder vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0858 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0858.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0858 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0858"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2024-04-14",
"url": "https://www.ibm.com/support/pages/node/7148190"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159781 vom 2024-07-08",
"url": "https://www.ibm.com/support/pages/node/7159781"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-20T23:00:00.000+00:00",
"generator": {
"date": "2024-11-21T09:04:22.276+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-0858",
"initial_release_date": "2024-04-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-08T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "3",
"summary": "Korrektur"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.32.1",
"product": {
"name": "IBM QRadar SIEM 2.32.1",
"product_id": "T034114",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:2.32.1"
}
}
},
{
"category": "product_version_range",
"name": "Deployment Intelligence App \u003c3.0.14",
"product": {
"name": "IBM QRadar SIEM Deployment Intelligence App \u003c3.0.14",
"product_id": "T035903"
}
},
{
"category": "product_version",
"name": "Deployment Intelligence App 3.0.14",
"product": {
"name": "IBM QRadar SIEM Deployment Intelligence App 3.0.14",
"product_id": "T035903-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:3.0.14::deployment_intelligence_app"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26159",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM QRadar SIEM. Dieser Fehler besteht in der Komponente \"follow-redirects\" aufgrund eines offenen Umleitungsproblems, das es erm\u00f6glicht, einen Benutzer auf beliebige Websites umzuleiten. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Phishing-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T035903"
]
},
"release_date": "2024-04-14T22:00:00.000+00:00",
"title": "CVE-2023-26159"
},
{
"cve": "CVE-2023-42282",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM QRadar SIEM. Dieser Fehler besteht im Node.js IP-Paket aufgrund eines serverseitigen Request Forgery-Problems in der Funktion ip.isPublic(). Durch das Senden einer speziell gestalteten Anfrage, die eine hexadezimale Darstellung einer privaten IP-Adresse verwendet, kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auf dem System auszuf\u00fchren und vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035903"
]
},
"release_date": "2024-04-14T22:00:00.000+00:00",
"title": "CVE-2023-42282"
},
{
"cve": "CVE-2023-44270",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM QRadar SIEM. Dieser Fehler besteht in der Komponente PostCSS aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung. Durch die Verwendung eines speziell gestalteten externen Cascading Style Sheets (CSS) kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T035903"
]
},
"release_date": "2024-04-14T22:00:00.000+00:00",
"title": "CVE-2023-44270"
},
{
"cve": "CVE-2024-28849",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in IBM QRadar SIEM. Dieser Fehler besteht im Node.js-Modul \"follow-redirects\" aufgrund eines unzul\u00e4ssigen Autorisierungs-Header-Clearings. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T035903"
]
},
"release_date": "2024-04-14T22:00:00.000+00:00",
"title": "CVE-2024-28849"
}
]
}
WID-SEC-W-2024-1590
Vulnerability from csaf_certbund - Published: 2024-07-10 22:00 - Updated: 2024-12-18 23:00Summary
HCL BigFix: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial of Service Angriff durchzuführen, ertrauliche Informationen preiszugeben, Daten zu manipulieren und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Es besteht eine Schwachstelle in HCL BigFix WebUI-Sites. Diese Fehler besteht, weil die eingebetteten JavaScript-Vorlagen aufgrund des Fehlens eines bestimmten Verschmutzungsschutzes anfällig sind. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben, Dateien zu manipulieren und einen Denial-of-Service-Zustand zu erzeugen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Query <4.7.0
HCL / BigFix
|
Query <4.7.0 | ||
|
HCL BigFix PM <84
HCL / BigFix
|
PM <84 | ||
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI |
Es bestehen mehrere Schwachstellen in HCL BigFix Query. Diese Fehler bestehen aufgrund einer unsachgemäßen Kategorisierung bestimmter IP-Adressen in Node.js und aufgrund einer unsachgemäßen Kodierung der vom Benutzer bereitgestellten URLs im Express.js-Framework. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Query <4.7.0
HCL / BigFix
|
Query <4.7.0 | ||
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI |
Es bestehen mehrere Schwachstellen in HCL BigFix Query. Diese Fehler bestehen aufgrund einer unsachgemäßen Kategorisierung bestimmter IP-Adressen in Node.js und aufgrund einer unsachgemäßen Kodierung der vom Benutzer bereitgestellten URLs im Express.js-Framework. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Query <4.7.0
HCL / BigFix
|
Query <4.7.0 | ||
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI |
Es besteht eine Schwachstelle in HCL BigFix Power Management. Diese Fehler besteht aufgrund der unsachgemäßen Eingabevalidierung im jQuery Validation Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Regular Expression Denial of Service (ReDoS) zu erzeugen, indem er eine beliebige Eingabe an die url2-Methode sendet. Die Sicherheitslücke CVE-2022-31147 besteht aufgrund der unvollständigen Behebung von CVE-2021-43306.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Query <4.7.0
HCL / BigFix
|
Query <4.7.0 | ||
|
HCL BigFix PM <84
HCL / BigFix
|
PM <84 | ||
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI |
Es besteht eine Schwachstelle in HCL BigFix Power Management. Diese Fehler besteht aufgrund der unsachgemäßen Eingabevalidierung im jQuery Validation Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Regular Expression Denial of Service (ReDoS) zu erzeugen, indem er eine beliebige Eingabe an die url2-Methode sendet. Die Sicherheitslücke CVE-2022-31147 besteht aufgrund der unvollständigen Behebung von CVE-2021-43306.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
HCL BigFix Query <4.7.0
HCL / BigFix
|
Query <4.7.0 | ||
|
HCL BigFix PM <84
HCL / BigFix
|
PM <84 | ||
|
HCL BigFix Server Automation
HCL / BigFix
|
cpe:/a:hcltech:bigfix:server_automation
|
Server Automation | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI | |
|
HCL BigFix WebUI
HCL / BigFix
|
cpe:/a:hcltech:bigfix:webui
|
WebUI |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, ertrauliche Informationen preiszugeben, Daten zu manipulieren und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1590 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1590.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1590 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1590"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-07-10",
"url": "https://support.hcltechsw.com/community?id=community_blog\u0026sys_id=41c2808e1b930ad0534c4159cc4bcba7"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-07-10",
"url": "https://support.hcltechsw.com/community?id=community_blog\u0026sys_id=944daab91b1786d0534c4159cc4bcb58"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-07-10",
"url": "https://support.hcltechsw.com/community?id=community_blog\u0026sys_id=cef753bd1bd3c6d0534c4159cc4bcbaa"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-07-10",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114657"
},
{
"category": "external",
"summary": "HCL Article KB0114591 vom 2024-07-28",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0114591"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2024-12-18",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=1af3c435fb2216d0db10f2797befdc15"
}
],
"source_lang": "en-US",
"title": "HCL BigFix: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-18T23:00:00.000+00:00",
"generator": {
"date": "2024-12-19T09:14:43.596+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-1590",
"initial_release_date": "2024-07-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-28T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2024-12-18T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI",
"product": {
"name": "HCL BigFix WebUI",
"product_id": "T023767",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
},
{
"category": "product_version_range",
"name": "Query \u003c4.7.0",
"product": {
"name": "HCL BigFix Query \u003c4.7.0",
"product_id": "T036096"
}
},
{
"category": "product_version",
"name": "Query 4.7.0",
"product": {
"name": "HCL BigFix Query 4.7.0",
"product_id": "T036096-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:query__4.7.0"
}
}
},
{
"category": "product_version_range",
"name": "PM \u003c84",
"product": {
"name": "HCL BigFix PM \u003c84",
"product_id": "T036097"
}
},
{
"category": "product_version",
"name": "PM 84",
"product": {
"name": "HCL BigFix PM 84",
"product_id": "T036097-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:pm__84"
}
}
},
{
"category": "product_version",
"name": "WebUI",
"product": {
"name": "HCL BigFix WebUI",
"product_id": "T036098",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui"
}
}
},
{
"category": "product_version",
"name": "Server Automation",
"product": {
"name": "HCL BigFix Server Automation",
"product_id": "T039915",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:server_automation"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-33883",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in HCL BigFix WebUI-Sites. Diese Fehler besteht, weil die eingebetteten JavaScript-Vorlagen aufgrund des Fehlens eines bestimmten Verschmutzungsschutzes anf\u00e4llig sind. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben, Dateien zu manipulieren und einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T036096",
"T036097",
"T039915",
"T023767",
"T036098"
]
},
"release_date": "2024-07-10T22:00:00.000+00:00",
"title": "CVE-2024-33883"
},
{
"cve": "CVE-2023-42282",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in HCL BigFix Query. Diese Fehler bestehen aufgrund einer unsachgem\u00e4\u00dfen Kategorisierung bestimmter IP-Adressen in Node.js und aufgrund einer unsachgem\u00e4\u00dfen Kodierung der vom Benutzer bereitgestellten URLs im Express.js-Framework. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen"
}
],
"product_status": {
"known_affected": [
"T036096",
"T039915",
"T023767"
]
},
"release_date": "2024-07-10T22:00:00.000+00:00",
"title": "CVE-2023-42282"
},
{
"cve": "CVE-2024-29041",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in HCL BigFix Query. Diese Fehler bestehen aufgrund einer unsachgem\u00e4\u00dfen Kategorisierung bestimmter IP-Adressen in Node.js und aufgrund einer unsachgem\u00e4\u00dfen Kodierung der vom Benutzer bereitgestellten URLs im Express.js-Framework. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen"
}
],
"product_status": {
"known_affected": [
"T036096",
"T039915",
"T023767"
]
},
"release_date": "2024-07-10T22:00:00.000+00:00",
"title": "CVE-2024-29041"
},
{
"cve": "CVE-2021-43306",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in HCL BigFix Power Management. Diese Fehler besteht aufgrund der unsachgem\u00e4\u00dfen Eingabevalidierung im jQuery Validation Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Regular Expression Denial of Service (ReDoS) zu erzeugen, indem er eine beliebige Eingabe an die url2-Methode sendet. Die Sicherheitsl\u00fccke CVE-2022-31147 besteht aufgrund der unvollst\u00e4ndigen Behebung von CVE-2021-43306."
}
],
"product_status": {
"known_affected": [
"T036096",
"T036097",
"T039915",
"T023767",
"T036098"
]
},
"release_date": "2024-07-10T22:00:00.000+00:00",
"title": "CVE-2021-43306"
},
{
"cve": "CVE-2022-31147",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in HCL BigFix Power Management. Diese Fehler besteht aufgrund der unsachgem\u00e4\u00dfen Eingabevalidierung im jQuery Validation Plugin. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Regular Expression Denial of Service (ReDoS) zu erzeugen, indem er eine beliebige Eingabe an die url2-Methode sendet. Die Sicherheitsl\u00fccke CVE-2022-31147 besteht aufgrund der unvollst\u00e4ndigen Behebung von CVE-2021-43306."
}
],
"product_status": {
"known_affected": [
"T036096",
"T036097",
"T039915",
"T023767",
"T036098"
]
},
"release_date": "2024-07-10T22:00:00.000+00:00",
"title": "CVE-2022-31147"
}
]
}
WID-SEC-W-2024-3542
Vulnerability from csaf_certbund - Published: 2024-11-25 23:00 - Updated: 2026-02-04 23:00Summary
Red Hat OpenShift: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Serverless Logic <1.35.0
Red Hat / OpenShift
|
Serverless Logic <1.35.0 | ||
|
Red Hat OpenShift Dev Spaces <3.17
Red Hat / OpenShift
|
Dev Spaces <3.17 | ||
|
Atlassian Bitbucket <9.4.13 (LTS)
Atlassian / Bitbucket
|
<9.4.13 (LTS) | ||
|
Atlassian Bitbucket <8.19.25 (LTS)
Atlassian / Bitbucket
|
<8.19.25 (LTS) | ||
|
Atlassian Bitbucket <10.0.2
Atlassian / Bitbucket
|
<10.0.2 |
References
9 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuf\u00fchren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3542 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3542.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3542 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3542"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10236 vom 2024-11-25",
"url": "https://access.redhat.com/errata/RHSA-2024:10236"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10857 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10857"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10865 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10865"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0664 vom 2025-01-23",
"url": "https://access.redhat.com/errata/RHSA-2025:0664"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1942 vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-04T23:00:00.000+00:00",
"generator": {
"date": "2026-02-05T09:59:24.675+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3542",
"initial_release_date": "2024-11-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-12-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-16T22:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: EUVD-2025-29356, EUVD-2025-29357"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Dev Spaces \u003c3.17",
"product": {
"name": "Red Hat OpenShift Dev Spaces \u003c3.17",
"product_id": "T039431"
}
},
{
"category": "product_version",
"name": "Dev Spaces 3.17",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.17",
"product_id": "T039431-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:dev_spaces__3.17"
}
}
},
{
"category": "product_version_range",
"name": "Serverless Logic \u003c1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic \u003c1.35.0",
"product_id": "T040597"
}
},
{
"category": "product_version",
"name": "Serverless Logic 1.35.0",
"product": {
"name": "Red Hat OpenShift Serverless Logic 1.35.0",
"product_id": "T040597-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:serverless_logic__1.35.0"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-42282",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2023-42282"
},
{
"cve": "CVE-2024-29415",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-29415"
},
{
"cve": "CVE-2024-21534",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-21534"
},
{
"cve": "CVE-2024-34156",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-34156"
},
{
"cve": "CVE-2024-45296",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-45296"
},
{
"cve": "CVE-2024-45813",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-45813"
},
{
"cve": "CVE-2024-47875",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2024-48949",
"product_status": {
"known_affected": [
"67646",
"T040597",
"T039431",
"T048677",
"T048676",
"T048675"
]
},
"release_date": "2024-11-25T23:00:00.000+00:00",
"title": "CVE-2024-48949"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…