Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-44487 (GCVE-0-2023-44487)
Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52- n/a
- CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version | |
|---|---|---|---|
| ietf | http |
Affected:
2.0
cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:* |
|
| Siemens | RUGGEDCOM APE1808 |
Affected:
0 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SINEC NMS |
Affected:
0 , < V3.0
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-400 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | HTTP/2 |
| Due Date | 2023-10-31 |
| Date Added | 2023-10-10 |
| Vendorproject | IETF |
| Vulnerabilityname | HTTP/2 Rapid Reset Attack Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
Exploited: Yes
Timestamps
Scope
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as... |
| Vendor | |
| Product | Cloud Platform |
| Added Date | 2023-10-10T00:00:00.000Z |
| Cvss Score | 7.5 |
| Epss Score | 0.99999 |
| Cvss Severity | HIGH |
| Epss Percentile | 0.99996 |
| Used In Malware | unknown |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http",
"vendor": "ietf",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-44487",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T20:34:21.334116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:35.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00.000Z",
"value": "CVE-2023-44487 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:08:27.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"tags": [
"x_transferred"
],
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"tags": [
"x_transferred"
],
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"tags": [
"x_transferred"
],
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"tags": [
"x_transferred"
],
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/golang/go/issues/63417"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"tags": [
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"tags": [
"x_transferred"
],
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"tags": [
"x_transferred"
],
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"tags": [
"x_transferred"
],
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/line/armeria/pull/5232"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM APE1808",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T10:52:23.784Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-07T20:05:34.376Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
},
{
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
},
{
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
},
{
"url": "https://news.ycombinator.com/item?id=37831062"
},
{
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
},
{
"url": "https://github.com/envoyproxy/envoy/pull/30055"
},
{
"url": "https://github.com/haproxy/haproxy/issues/2312"
},
{
"url": "https://github.com/eclipse/jetty.project/issues/10679"
},
{
"url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
},
{
"url": "https://github.com/nghttp2/nghttp2/pull/1961"
},
{
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
},
{
"url": "https://github.com/alibaba/tengine/issues/1872"
},
{
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
},
{
"url": "https://news.ycombinator.com/item?id=37830987"
},
{
"url": "https://news.ycombinator.com/item?id=37830998"
},
{
"url": "https://github.com/caddyserver/caddy/issues/5877"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
},
{
"url": "https://github.com/bcdannyboy/CVE-2023-44487"
},
{
"url": "https://github.com/grpc/grpc-go/pull/6703"
},
{
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
},
{
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
},
{
"url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
},
{
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
},
{
"name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
},
{
"name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
},
{
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"url": "https://github.com/facebook/proxygen/pull/466"
},
{
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
},
{
"url": "https://github.com/micrictor/http2-rst-stream"
},
{
"url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
},
{
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
},
{
"url": "https://github.com/h2o/h2o/pull/3291"
},
{
"url": "https://github.com/nodejs/node/pull/50121"
},
{
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"url": "https://github.com/golang/go/issues/63417"
},
{
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
},
{
"url": "https://github.com/apache/trafficserver/pull/10564"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
},
{
"url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
},
{
"url": "https://github.com/opensearch-project/data-prepper/issues/3474"
},
{
"url": "https://github.com/kubernetes/kubernetes/pull/121120"
},
{
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
},
{
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
},
{
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
},
{
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
},
{
"url": "https://news.ycombinator.com/item?id=37837043"
},
{
"url": "https://github.com/kazu-yamamoto/http2/issues/93"
},
{
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
},
{
"url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
},
{
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
},
{
"name": "DSA-5522",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5522"
},
{
"name": "DSA-5521",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-44487"
},
{
"url": "https://github.com/ninenines/cowboy/issues/1615"
},
{
"url": "https://github.com/varnishcache/varnish-cache/issues/3996"
},
{
"url": "https://github.com/tempesta-tech/tempesta/issues/1986"
},
{
"url": "https://blog.vespa.ai/cve-2023-44487/"
},
{
"url": "https://github.com/etcd-io/etcd/issues/16740"
},
{
"url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
},
{
"url": "https://istio.io/latest/news/security/istio-security-2023-004/"
},
{
"url": "https://github.com/junkurihara/rust-rpxy/issues/97"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
},
{
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
},
{
"url": "https://github.com/apache/httpd-site/pull/10"
},
{
"url": "https://github.com/projectcontour/contour/pull/5826"
},
{
"url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
},
{
"url": "https://github.com/line/armeria/pull/5232"
},
{
"url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487"
},
{
"url": "https://github.com/akka/akka-http/issues/4323"
},
{
"url": "https://github.com/openresty/openresty/issues/930"
},
{
"url": "https://github.com/apache/apisix/issues/10320"
},
{
"url": "https://github.com/Azure/AKS/issues/3947"
},
{
"url": "https://github.com/Kong/kong/discussions/11741"
},
{
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
},
{
"url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
},
{
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
},
{
"name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
},
{
"name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
},
{
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
},
{
"url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
},
{
"name": "FEDORA-2023-ed2642fd58",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
},
{
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
},
{
"name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
},
{
"name": "[oss-security] 20231018 Vulnerability in Jenkins",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
},
{
"name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
},
{
"name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
},
{
"name": "FEDORA-2023-54fadada12",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
},
{
"name": "FEDORA-2023-5ff7bf1dd8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
},
{
"name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
},
{
"name": "FEDORA-2023-17efd3f2cd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
},
{
"name": "FEDORA-2023-d5030c983c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
},
{
"name": "FEDORA-2023-0259c3f26f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
},
{
"name": "FEDORA-2023-2a9214af5f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
},
{
"name": "FEDORA-2023-e9c04d81c1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
},
{
"name": "FEDORA-2023-f66fc0f62a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
},
{
"name": "FEDORA-2023-4d2fd884ea",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
},
{
"name": "FEDORA-2023-b2c50535cb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
},
{
"name": "FEDORA-2023-fe53e13b5b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
},
{
"name": "FEDORA-2023-4bf641255e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
},
{
"name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
},
{
"name": "DSA-5540",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5540"
},
{
"name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
},
{
"name": "FEDORA-2023-1caffb88af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
},
{
"name": "FEDORA-2023-3f70b8d406",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
},
{
"name": "FEDORA-2023-7b52921cae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
},
{
"name": "FEDORA-2023-7934802344",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
},
{
"name": "FEDORA-2023-dbe64661af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
},
{
"name": "FEDORA-2023-822aab0a5a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
},
{
"name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
},
{
"name": "DSA-5549",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"name": "FEDORA-2023-c0c6a91330",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
},
{
"name": "FEDORA-2023-492b7be466",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
},
{
"name": "DSA-5558",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5558"
},
{
"name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
},
{
"name": "GLSA-202311-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"name": "DSA-5570",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5570"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
},
{
"url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-44487",
"datePublished": "2023-10-10T00:00:00.000Z",
"dateReserved": "2023-09-29T00:00:00.000Z",
"dateUpdated": "2026-05-12T10:52:23.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-44487",
"cwes": "[\"CWE-400\"]",
"dateAdded": "2023-10-10",
"dueDate": "2023-10-31",
"knownRansomwareCampaignUse": "Unknown",
"notes": "This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"product": "HTTP/2",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).",
"vendorProject": "IETF",
"vulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability"
},
"epss": {
"cve": "CVE-2023-44487",
"date": "2026-06-30",
"epss": "0.99999",
"percentile": "0.99996"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-44487\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-10-10T14:15:10.883\",\"lastModified\":\"2026-06-17T06:27:44.067\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"},{\"lang\":\"es\",\"value\":\"El protocolo HTTP/2 permite una denegaci\u00f3n de servicio (consumo de recursos del servidor) porque la cancelaci\u00f3n de solicitudes puede restablecer muchas transmisiones r\u00e1pidamente, como se explot\u00f3 en la naturaleza entre agosto y octubre de 2023.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"ietf\",\"product\":\"http\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"2.0\",\"status\":\"affected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM APE1808\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SINEC NMS\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-07-23T20:34:21.334116Z\",\"id\":\"CVE-2023-44487\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2023-10-10\",\"cisaActionDue\":\"2023-10-31\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"HTTP/2 Rapid Reset Attack Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"2A7548B8-3DF7-46D9-8A4F-87C38969D900\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\\\\/dp_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B1EE93D-BAD2-4B86-910C-8784FCC9F398\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0\",\"matchCriteriaId\":\"C89891C1-DFD7-4E1F-80A9-7485D86A15B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4664B195-AF14-4834-82B3-0B2C98020EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"75BC588E-CDF0-404E-AD61-02093A1DF343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A334F7B4-7283-4453-BAED-D2E01B7F8A6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BEA71C-CA81-4B5D-A688-2B21E62DC351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B405F22-5517-49F5-A7CA-1E50D58DFC75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"AE06B8AF-B36C-4743-A056-30712163F75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:st7_scadaconnect:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1\",\"matchCriteriaId\":\"BCBD17AE-C1AE-4ECF-A991-0FFBDD06D687\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_ape1808_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37FDCA69-9049-40B4-88AF-F476901022B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_ape1808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B89A6863-B602-4404-8D26-337FECABFFF0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"99E36624-A573-47D9-B158-B18A8A822FBA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\\\\/dp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F38253-92F5-4A3A-AA07-292F7542D8A6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\\\\/dp_mfp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.5\",\"matchCriteriaId\":\"19F1C257-0EE6-47DE-B4BE-169F801FFDD8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn\\\\/dp_mfp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F63E0A-126D-4A93-8159-45EB5E606F81\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5200E35-222B-42E0-83E0-5B702684D992\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.57.0\",\"matchCriteriaId\":\"C3BDC297-F023-4E87-8518-B84CCF9DD6A8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.100\",\"matchCriteriaId\":\"D12D5257-7ED2-400F-9EF7-40E0D3650C2B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B058776-B5B7-4079-B0AF-23F40926DCEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D565975-EFD9-467C-B6E3-1866A4EF17A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D487271-1B5E-4F16-B0CB-A7B8908935C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.53\",\"matchCriteriaId\":\"A4A6F189-6C43-462D-85C9-B0EBDA8A4683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.0.17\",\"matchCriteriaId\":\"C993C920-85C0-4181-A95E-5D965A670738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.17\",\"matchCriteriaId\":\"08E79A8E-E12C-498F-AF4F-1AAA7135661E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.0.2\",\"matchCriteriaId\":\"F138D800-9A3B-4C76-8A3C-4793083A1517\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.5\",\"matchCriteriaId\":\"6341DDDA-AD27-4087-9D59-0A212F0037B4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.20.10\",\"matchCriteriaId\":\"328120E4-C031-44B4-9BE5-03B0CDAA066F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.3\",\"matchCriteriaId\":\"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"D7D2F801-6F65-4705-BCB9-D057EA54A707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.17.0\",\"matchCriteriaId\":\"801F25DA-F38C-4452-8E90-235A3B1A5FF0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D93F04AD-DF14-48AB-9F13-8B2E491CF42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7522C760-7E07-406F-BF50-5656D5723C4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"3A7F605E-EB10-40FB-98D6-7E3A95E310BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"783E62F2-F867-48F1-B123-D1227C970674\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"6603ED6A-3366-4572-AFCD-B3D4B1EC7606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"88978E38-81D3-4EFE-8525-A300B101FA69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"0510296F-92D7-4388-AE3A-0D9799C2FC4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D7698D6C-B1F7-43C1-BBA6-88E956356B3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"05E452AA-A520-4CBE-8767-147772B69194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"596FC5D5-7329-4E39-841E-CAE937C02219\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"B3C7A168-F370-441E-8790-73014BCEC39F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"CF16FD01-7704-40AB-ACB2-80A883804D22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1769D69A-CB59-46B1-89B3-FB97DC6DEB9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"9167FEC1-2C37-4946-9657-B4E69301FB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7B4B3442-E0C0-48CD-87AD-060E15C9801E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"8FA85EC1-D91A-49DD-949B-2AF7AC813CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"20662BB0-4C3D-4CF0-B068-3555C65DD06C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59203EBF-C52A-45A1-B8DF-00E17E3EFB51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"7EC2324D-EC8B-41DF-88A7-819E53AAD0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"9B88F9D1-B54B-40C7-A18A-26C4A071D7EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"C8F39403-C259-4D6F-9E9A-53671017EEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"220F2D38-FA82-45EF-B957-7678C9FEDBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C698C1C-A3DD-46E2-B05A-12F2604E7F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"922AA845-530A-4B4B-9976-4CBC30C8A324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"F938EB43-8373-47EB-B269-C6DF058A9244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"1771493E-ACAA-477F-8AB4-25DB12F6AD6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87670A74-34FE-45DF-A725-25B804C845B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"C7E422F6-C4C2-43AC-B137-0997B5739030\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"CC3F710F-DBCB-4976-9719-CF063DA22377\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"88EDFCD9-775C-48FA-9CDA-2B04DA8D0612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67DB21AE-DF53-442D-B492-C4ED9A20B105\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"4C9FCBCB-9CE0-49E7-85C8-69E71D211912\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"112DFA85-90AD-478D-BD70-8C7C0C074F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"DB704A1C-D8B7-48BB-A15A-C14DB591FE4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"21D51D9F-2840-4DEA-A007-D20111A1745C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BC1D037-74D2-4F92-89AD-C90F6CBF440B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"CAEF3EA4-7D5A-4B44-9CE3-258AEC745866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"2FBCE2D1-9D93-415D-AB2C-2060307C305A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"8070B469-8CC4-4D2F-97D7-12D0ABB963C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"A326597E-725D-45DE-BEF7-2ED92137B253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B235A78-649B-46C5-B24B-AB485A884654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"08B25AAB-A98C-4F89-9131-29E3A8C0ED23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"98D2CE1E-DED0-470A-AA78-C78EF769C38E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"C966FABA-7199-4F0D-AB8C-4590FE9D2FFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84D00768-E71B-4FF7-A7BF-F2C8CFBC900D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"BC36311E-BB00-4750-85C8-51F5A2604F07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"A65D357E-4B40-42EC-9AAA-2B6CEF78C401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABBD10E8-6054-408F-9687-B9BF6375CA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"E6018B01-048C-43BB-A78D-66910ED60CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"3A6A5686-5A8B-45D5-9165-BC99D2CCAC47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"5D2A121F-5BD2-4263-8ED3-1DDE25B5C306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83794B04-87E2-4CA9-81F5-BB820D0F5395\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"D9EC2237-117F-43BD-ADEC-516CF72E04EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"F70D4B6F-65CF-48F4-9A07-072DFBCE53D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"29563719-1AF2-4BB8-8CCA-A0869F87795D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"D24815DD-579A-46D1-B9F2-3BB2C56BC54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A6E7035-3299-474F-8F67-945EA9A059D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"0360F76D-E75E-4B05-A294-B47012323ED9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"7A4607BF-41AC-4E84-A110-74E085FF0445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"441CC945-7CA3-49C0-AE10-94725301E31D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"46BA8E8A-6ED5-4FB2-8BBC-586AA031085A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"969C4F14-F6D6-46D6-B348-FC1463877680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndIncluding\":\"1.8.2\",\"matchCriteriaId\":\"41AD5040-1250-45F5-AB63-63F333D49BCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8257AA59-C14D-4EC1-B22C-DFBB92CBC297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"37DB32BB-F4BA-4FB5-94B1-55C3F06749CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"FFF5007E-761C-4697-8D34-C064DF0ABE8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"910441D3-90EF-4375-B007-D51120A60AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667EB77B-DA13-4BA4-9371-EE3F3A109F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"8A6F9699-A485-4614-8F38-5A556D31617E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"5A90F547-97A2-41EC-9FDF-25F869F0FA38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"E76E1B82-F1DC-4366-B388-DBDF16C586A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"660137F4-15A1-42D1-BBAC-99A1D5BB398B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C446827A-1F71-4FAD-9422-580642D26AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"1932D32D-0E4B-4BBD-816F-6D47AB2E2F04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"D47B7691-A95B-45C0-BAB4-27E047F3C379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"2CD1637D-0E42-4928-867A-BA0FDB6E8462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"3A599F90-F66B-4DF0-AD7D-D234F328BD59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1B2000-C3FE-4B4C-885A-A5076EB164E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.5\",\"matchCriteriaId\":\"5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.5\",\"matchCriteriaId\":\"57D92D05-C67D-437E-88F3-DCC3F6B0ED2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndIncluding\":\"15.1.10\",\"matchCriteriaId\":\"ECCB8C30-861E-4E48-A5F5-30EE523C1FB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.1.0\",\"versionEndIncluding\":\"16.1.4\",\"matchCriteriaId\":\"F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB23AE6-245E-43D6-B832-933F8259F937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.9.5\",\"versionEndIncluding\":\"1.25.2\",\"matchCriteriaId\":\"1188B4A9-2684-413C-83D1-E91C75AE0FCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.4.2\",\"matchCriteriaId\":\"3337609D-5291-4A52-BC6A-6A8D4E60EB20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.3.0\",\"matchCriteriaId\":\"6CF0ABD9-EB28-4966-8C31-EED7AFBF1527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r25\",\"versionEndExcluding\":\"r29\",\"matchCriteriaId\":\"F291CB34-47A4-425A-A200-087CC295AEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5892B558-EC3A-43FF-A1D5-B2D9F70796F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"96BF2B19-52C7-4051-BA58-CAE6F912B72F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.93\",\"matchCriteriaId\":\"ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.0.80\",\"matchCriteriaId\":\"F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndIncluding\":\"10.1.13\",\"matchCriteriaId\":\"0765CC3D-AB1A-4147-8900-EF4C105321F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1AA7FF6-E8E7-4BF6-983E-0A99B0183008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"57088BDD-A136-45EF-A8A1-2EBF79CEC2CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"B32D1D7A-A04F-444E-8F45-BB9A9E4B0199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AAD52CE-94F5-4F98-A027-9A7E68818CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"03A171AF-2EC8-4422-912C-547CDB58CAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"538E68C4-0BA4-495F-AEF8-4EF6EE7963CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"49350A6E-5E1D-45B2-A874-3B8601B3ADCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F50942F-DF54-46C0-8371-9A476DD3EEA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"98792138-DD56-42DF-9612-3BDC65EEC117\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:swiftnio_http\\\\/2:*:*:*:*:*:swift:*:*\",\"versionEndExcluding\":\"1.28.0\",\"matchCriteriaId\":\"08190072-3880-4EF5-B642-BA053090D95B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"1.56.3\",\"matchCriteriaId\":\"5F4CDEA9-CB47-4881-B096-DA896E2364F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:*\",\"versionEndIncluding\":\"1.59.2\",\"matchCriteriaId\":\"E65AF7BC-7DAE-408A-8485-FBED22815F75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"1.58.0\",\"versionEndExcluding\":\"1.58.3\",\"matchCriteriaId\":\"DD868DDF-C889-4F36-B5E6-68B6D9EA48CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*\",\"matchCriteriaId\":\"FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"4496821E-BD55-4F31-AD9C-A3D66CBBD6BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"8DF7ECF6-178D-433C-AA21-BAE9EF248F37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.23\",\"matchCriteriaId\":\"1C3418F4-B8BF-4666-BB39-C188AB01F45C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.12\",\"matchCriteriaId\":\"1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-08\",\"matchCriteriaId\":\"3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.2.20\",\"matchCriteriaId\":\"16A8F269-E07E-402F-BFD5-60F3988A5EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.4\",\"versionEndExcluding\":\"17.4.12\",\"matchCriteriaId\":\"C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.6\",\"versionEndExcluding\":\"17.6.8\",\"matchCriteriaId\":\"DA5834D4-F52F-41C0-AA11-C974FFEEA063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndExcluding\":\"17.7.5\",\"matchCriteriaId\":\"2166106F-ACD6-4C7B-B0CC-977B83CC5F73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*\",\"versionEndExcluding\":\"10.0.14393.6351\",\"matchCriteriaId\":\"4CD49C41-6D90-47D3-AB4F-4A74169D3A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*\",\"versionEndExcluding\":\"10.0.14393.6351\",\"matchCriteriaId\":\"BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.4974\",\"matchCriteriaId\":\"E500D59C-6597-45E9-A57B-BE26C0C231D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.3570\",\"matchCriteriaId\":\"C9F9A643-90C6-489C-98A0-D2739CE72F86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.3570\",\"matchCriteriaId\":\"1814619C-ED07-49E0-A50A-E28D824D43BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.2538\",\"matchCriteriaId\":\"100A27D3-87B0-4E72-83F6-7605E3F35E63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.2428\",\"matchCriteriaId\":\"C6A36795-0238-45C9-ABE6-3DCCF751915B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"18.18.2\",\"matchCriteriaId\":\"94BAB9EB-1527-4D9A-BADE-0708579536CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.0.0\",\"versionEndExcluding\":\"20.8.1\",\"matchCriteriaId\":\"69843DE4-4721-4F0A-A9B7-0F6DF5AAA388\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-11\",\"matchCriteriaId\":\"B25279EF-C406-4133-99ED-0492703E0A4E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-10\",\"matchCriteriaId\":\"9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.10.16.00\",\"matchCriteriaId\":\"9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.1\",\"matchCriteriaId\":\"EDEB508E-0EBD-4450-9074-983DDF568AB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.1.9\",\"matchCriteriaId\":\"93A1A748-6C71-4191-8A16-A93E94E2CDE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.3\",\"matchCriteriaId\":\"4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.5.0\",\"matchCriteriaId\":\"6F70360D-6214-46BA-AF82-6AB01E13E4E9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.2\",\"matchCriteriaId\":\"E2DA759E-1AF8-49D3-A3FC-1B426C13CA82\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.6\",\"matchCriteriaId\":\"28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18.0\",\"versionEndExcluding\":\"1.18.3\",\"matchCriteriaId\":\"F0C8E760-C8D2-483A-BBD4-6A6D292A3874\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.1\",\"matchCriteriaId\":\"5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023-10-10\",\"matchCriteriaId\":\"050AE218-3871-44D6-94DA-12D84C2093CB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.5\",\"matchCriteriaId\":\"B36BFFB0-C0EC-4926-A1DB-0B711C846A68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"376EAF9B-E994-4268-9704-0A45EA30270F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D08335-C291-4623-B80C-3B14C4D1FA32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"21033CEE-CEF5-4B0D-A565-4A6FC764AA6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*\",\"versionEndExcluding\":\"2023-10-11\",\"matchCriteriaId\":\"FC4C66B1-42C0-495D-AE63-2889DE0BED84\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndIncluding\":\"2.12.5\",\"matchCriteriaId\":\"8633E263-F066-4DD8-A734-90207207A873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"34A23BD9-A0F4-4D85-8011-EAC93C29B4E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"27ED3533-A795-422F-B923-68BE071DC00D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"45F7E352-3208-4188-A5B1-906E00DF9896\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*\",\"matchCriteriaId\":\"DF89A8AD-66FE-439A-B732-CAAB304D765B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.26.0\",\"matchCriteriaId\":\"A400C637-AF18-4BEE-B57C-145261B65DEC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"653A5B08-0D02-4362-A8B1-D00B24C6C6F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0FD736A-8730-446A-BA3A-7B608DB62B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C504B6-3902-46E2-82B7-48AEC9CDD48D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4BE2D6-43C3-4065-A213-5DB1325DC78F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D54F5AE-61EC-4434-9D5F-9394A3979894\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E37E1B3-6F68-4502-85D6-68333643BDFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5A7736-A403-4617-8790-18E46CB74DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F13B03-69BF-4A8B-A0A0-7F47FD857461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9393119E-F018-463F-9548-60436F104195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC45EE1E-2365-42D4-9D55-92FA24E5ED3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E567CD9F-5A43-4D25-B911-B5D0440698F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68146098-58F8-417E-B165-5182527117C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB4D6790-63E5-4043-B8BE-B489D649061D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78698F40-0777-4990-822D-02E1B5D0E2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B87C8AD3-8878-4546-86C2-BF411876648C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF03BDE8-602D-4DEE-BA5B-5B20FDF47741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58966CB-36AF-4E64-AB39-BE3A0753E155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585BC540-073B-425B-B664-5EA4C00AFED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD354E32-A8B0-484C-B4C6-9FBCD3430D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A54BDA-311C-413B-8E4D-388AD65A170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A305F012-544E-4245-9D69-1C8CD37748B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40CCE4F-EA2C-453D-BB76-6388767E5C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF93A27E-AA2B-4C2E-9B8D-FE7267847326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B12A3A8-6456-481A-A0C9-524543FCC149\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C2E7E3C-A507-4AB2-97E5-4944D8775CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E22EBF9-AA0D-4712-9D69-DD97679CE835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"941B114C-FBD7-42FF-B1D8-4EA30E99102C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"339CFB34-A795-49F9-BF6D-A00F3A1A4F63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D044DBE-6F5A-4C53-828E-7B1A570CACFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*\",\"matchCriteriaId\":\"65203CA1-5225-4E55-A187-6454C091F532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF8EFFB-5686-4F28-A68F-1A8854E098CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA9B2E2-958B-478D-87D6-E5CDDCD44315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97321212-0E07-4CC2-A917-7B5F61AB9A5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF390236-3259-4C8F-891C-62ACC4386CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AAA300-691A-4957-8B69-F6888CC971B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45937289-2D64-47CB-A750-5B4F0D4664A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B129311C-EB4B-4041-B85C-44D5E53FCAA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1AB54DB-3FB4-41CB-88ED-1400FD22AB85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77675CB7-67D7-44E9-B7FF-D224B3341AA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C877879-B84B-471C-80CF-0656521CA8AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC81071-B46D-4F5D-AC25-B4A4CCC20C73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E315FC5C-FF19-43C9-A58A-CF2A5FF13824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20A6B40D-F991-4712-8E30-5FE008505CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1987BDA-0113-4603-B9BE-76647EB043F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848C92A9-0677-442B-8D52-A448F2019903\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F564701-EDC1-43CF-BB9F-287D6992C6CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12B0CF2B-D1E1-4E20-846E-6F0D873499A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8885C2C-7FB8-40CA-BCB9-B48C50BF2499\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A903C3AD-2D25-45B5-BF4A-A5BEB2286627\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC5EBD2A-32A3-46D5-B155-B44DCB7F6902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BE6C1F-2565-4E97-92AA-16563E5660A5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.5.3\",\"matchCriteriaId\":\"C2792650-851F-4820-B003-06A4BEA092D7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"3.4.2\",\"matchCriteriaId\":\"9F6B63B9-F4C9-4A3F-9310-E0918E1070D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndIncluding\":\"2.414.2\",\"matchCriteriaId\":\"E6FF5F80-A991-43D4-B49F-D843E2BC5798\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionEndIncluding\":\"2.427\",\"matchCriteriaId\":\"54D25DA9-12D0-4F14-83E6-C69D0293AAB9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.4.0\",\"matchCriteriaId\":\"8E1AFFB9-C717-4727-B0C9-5A0C281710E2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.21.4.3\",\"matchCriteriaId\":\"25C85001-E0AB-4B01-8EE7-1D9C77CD956E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.003.009\",\"matchCriteriaId\":\"FB2BDBAC-8D19-4F81-8D31-6D0955A53D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:connected_mobile_experiences:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"F98F9D27-6659-413F-8F29-4FDB0882AAC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"C98BF315-C563-47C2-BAD1-63347A3D1008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.2\",\"matchCriteriaId\":\"3F30E209-FA52-4D3B-9B88-4193EA388554\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_situation_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3178F3A5-A072-44E1-A225-B04BC536F4FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"AA2BE0F1-DD16-4876-8EBA-F187BD38B159\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:data_center_network_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"796B6C58-2140-4105-A2A1-69865A194A75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:enterprise_chat_and_email:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEA99DC6-EA03-469F-A8BE-7F96FDF0B333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"x14.3.3\",\"matchCriteriaId\":\"6560DBF4-AFE6-4672-95DE-74A0B8F4170A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.2\",\"matchCriteriaId\":\"84785919-796D-41E5-B652-6B5765C81D4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:iot_field_network_director:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.11.0\",\"matchCriteriaId\":\"92A74A1A-C69F-41E6-86D0-D6BB1C5D0A1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_access_registrar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.3.3\",\"matchCriteriaId\":\"6FE7BA33-2AC0-4A85-97AD-6D77F20BA2AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_cable_provisioning:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2.1\",\"matchCriteriaId\":\"4FE2F959-1084-48D1-B1F1-8182FC9862DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.10.4\",\"matchCriteriaId\":\"5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.2\",\"matchCriteriaId\":\"1BB6B48E-EA36-40A0-96D0-AF909BEC1147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_dynamic_attributes_connector:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"2CBED844-7F94-498C-836D-8593381A9657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_malware_analytics:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.19.2\",\"matchCriteriaId\":\"C170DBA1-0899-4ECC-9A0D-8FEB1DA1B510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"x14.3.3\",\"matchCriteriaId\":\"358FA1DC-63D3-49F6-AC07-9E277DD0D9DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.01.0\",\"matchCriteriaId\":\"BFF2D182-7599-4B81-B56B-F44EDA1384C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_policy_control_function:2024.01.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4868BCCA-24DE-4F24-A8AF-B3A545C0396E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_serving_gateway_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.02.0\",\"matchCriteriaId\":\"194F7A1F-FD43-4FF7-9AE2-C13AA5567E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ultra_cloud_core_-_session_management_function:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024.02.0\",\"matchCriteriaId\":\"BEC75F99-C7F0-47EB-9032-C9D3A42EBA20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_attendant_console_advanced:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6638F4E-16F7-447D-B755-52640BCB1C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_domain_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC34F742-530E-4AB4-8AFC-D1E088E256B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_enterprise_-_live_data_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.6.2\",\"matchCriteriaId\":\"E22AD683-345B-4E16-BB9E-E9B1783E09AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_management_portal:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5C0D694-9E24-4782-B35F-D7C3E3B0F2ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:fog_director:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.22\",\"matchCriteriaId\":\"2955BEE9-F567-4006-B96D-92E10FF84DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.15.1\",\"matchCriteriaId\":\"67502878-DB20-4410-ABA0-A1C5705064CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.11.2\",\"matchCriteriaId\":\"177DED2D-8089-4494-BDD9-7F84FC06CD5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:secure_web_appliance_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.1.0\",\"matchCriteriaId\":\"54A29FD3-4128-4333-8445-A7DD04A6ECF6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:secure_web_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67074526-9933-46B3-9FE3-A0BE73C5E8A7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\\\\(7\\\\)\",\"matchCriteriaId\":\"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3\\\\(1\\\\)\",\"versionEndExcluding\":\"10.3\\\\(5\\\\)\",\"matchCriteriaId\":\"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4\\\\(1\\\\)\",\"versionEndExcluding\":\"10.4\\\\(2\\\\)\",\"matchCriteriaId\":\"BE71D34C-227A-4789-BA4D-79E5FDE311DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528ED62B-D739-4E06-AC64-B506FD73BBAB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3016q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D402AB0-BCFB-4F42-8C50-5DC930AEEC8B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76C10D85-88AC-4A79-8866-BED88A0F8DF8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09AC2BAD-F536-48D0-A2F0-D4E290519EB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F4E8EE4-031D-47D3-A12E-EE5F792172EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41C14CC9-C244-4B86-AEA6-C50BAD5DA9A6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8FF2EC4-0C09-4C00-9956-A2A4A894F63D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14D4B4E-120E-4607-A4F1-447C7BF3052E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3100v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15702ACB-29F3-412D-8805-E107E0729E35\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E930332-CDDD-48D5-93BC-C22D693BBFA2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B34855-D8D2-4114-80D2-A4D159C62458\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF4B8FE-E134-4491-B5C2-C1CFEB64731B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4226DA0-9371-401C-8247-E6E636A116C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3DBBFE9-835C-4411-8492-6006E74BAC65\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3293438-3D18-45A2-B093-2C3F65783336\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x\\\\/3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E142C18F-9FB5-4D96-866A-141D7D16CAF7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7817F4E6-B2DA-4F06-95A4-AF329F594C02\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED628B5-97A8-4B26-AA40-BEC854982157\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB9DD73-E31D-4921-A6D6-E14E04703588\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq\\\\/pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EFC116A-627F-4E05-B631-651D161217C8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4532F513-0543-4960-9877-01F23CA7BA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B43502B-FD53-465A-B60F-6A359C6ACD99\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3229124-B097-4AAC-8ACD-2F9C89DCC3AB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A532C0-B0E3-484A-B356-88970E7D0248\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C84D24C-2256-42AF-898A-221EBE9FE1E4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652A2849-668D-4156-88FB-C19844A59F33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D008CA1C-6F5A-40EA-BB12-A9D84D5AF700\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43913A0E-50D5-47DD-94D8-DD3391633619\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D397349-CCC6-479B-9273-FB1FFF4F34F2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA52D5C1-13D8-4D23-B022-954CCEF491F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F7AF8D7-431B-43CE-840F-CC0817D159C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC204C8-1A5A-4E85-824E-DC9B8F6A802D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8E1073F-D374-4311-8F12-AD8C72FAA293\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF5AF71-15DF-4151-A1CF-E138A7103FC8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F80A72-AD54-4699-B8AE-82715F0B58E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x\\\\/xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E505C0B1-2119-4C6A-BF96-C282C633D169\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088C0323-683A-44F5-8D42-FF6EC85D080E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CB4002-7636-4382-B33E-FBA060A13C34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x\\\\/xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"915EF8F6-6039-4DD0-B875-30D911752B74\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97217080-455C-48E4-8CE1-6D5B9485864F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D2C4C3-65CE-4612-A027-AF70CEFC3233\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57572E4A-78D5-4D1A-938B-F05F01759612\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\\\\(7\\\\)\",\"matchCriteriaId\":\"EEB32D2E-AD9D-44A0-AEF7-689F7D2605C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3\\\\(1\\\\)\",\"versionEndExcluding\":\"10.3\\\\(5\\\\)\",\"matchCriteriaId\":\"0A236A0A-6956-4D79-B8E5-B2D0C79FAE88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.4\\\\(1\\\\)\",\"versionEndExcluding\":\"10.4\\\\(2\\\\)\",\"matchCriteriaId\":\"BE71D34C-227A-4789-BA4D-79E5FDE311DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD9C1F1-8582-4F67-A77D-97CBFECB88B8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532CE4B0-A3C9-4613-AAAF-727817D06FB4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24CA1A59-2681-4507-AC74-53BD481099B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4283E433-7F8C-4410-B565-471415445811\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF9147C9-5D8B-40F5-9AAA-66A3495A0AD8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9221c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFB9FDE8-8533-4F65-BF32-4066D042B2F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80AB6FB-32FD-43D7-A9F1-80FA47696210\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92300yc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA5389A-8AD1-476E-983A-54DF573C30F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5B2E4C1-2627-4B9D-8E92-4B483F647651\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92304qc_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1B1A8F1-45B1-4E64-A254-7191FA93CB6D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83DA8BFA-D7A2-476C-A6F5-CAE610033BC2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"557ED31C-C26A-4FAE-8B14-D06B49F7F08B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11411BFD-3F4D-4309-AB35-A3629A360FB0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9236c_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB2FFD26-8255-4351-8594-29D2AEFC06EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E663DE91-C86D-48DC-B771-FA72A8DF7A7C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9272q_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E10975-B47E-4F4D-8096-AEC7B7733612\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40E40F42-632A-47DF-BE33-DC25B826310B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C67B7A6-9BB2-41FC-8FA3-8D0DF67CBC68\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47F6BF9-2ADB-41A4-8D7D-8BB00141BB23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx3h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16C64136-89C2-443C-AF7B-BED81D3DE25A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBEF7F26-BB47-44BD-872E-130820557C23\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"182000E0-8204-4D8B-B7DE-B191AFE12E28\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F309E7B9-B828-4CD2-9D2B-8966EE5B9CC1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F423E45D-A6DD-4305-9C6A-EAB26293E53A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93128tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDC208BC-7E19-48C6-A20E-A79A51B7362C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"102F91CD-DFB6-43D4-AE5B-DA157A696230\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E952A96A-0F48-4357-B7DD-1127D8827650\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180lc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084D0191-563B-4FF0-B589-F35DA118E1C6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7DB6FC5-762A-4F16-AE8C-69330EFCF640\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F70D81F1-8B12-4474-9060-B4934D8A3873\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5394DE31-3863-4CA9-B7B1-E5227183100D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"968390BC-B430-4903-B614-13104BFAE635\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7349D69B-D8FA-4462-AA28-69DD18A652D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE4BB834-2C00-4384-A78E-AF3BCDDC58AF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0D30D52-837F-4FDA-B8E5-A9066E9C6D2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6678B8A-D905-447E-BE7E-6BFB4CC5DAFE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CE49B45-F2E9-491D-9C29-1B46E9CE14E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFAD21E-59EE-4CCE-8F1E-621D2EA50905\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91231DC6-2773-4238-8C14-A346F213B5E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF88547-BAF4-47B0-9F60-80A30297FCEB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332d-gx2b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02C3CE6D-BD54-48B1-A188-8E53DA001424\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332d-h2r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"498991F7-39D6-428C-8C7D-DD8DC72A0346\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"113772B6-E9D2-4094-9468-3F4E1A87D07D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332pq_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B90D36-5124-4669-8462-4EAF35B0F53D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C45A38D6-BED6-4FEF-AD87-A1E813695DE0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FC2B1F-232E-4754-8076-CC82F3648730\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CDD27C9-5EAF-4956-8AB7-740C84C9D4FC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F1127D2-12C0-454F-91EF-5EE334070D06\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6EB963-E0F2-4A02-8765-AB2064BE19E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"785FD17C-F32E-4042-9DDE-A89B3AAE0334\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336pq_aci_spine_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEAAF99B-5406-4722-81FB-A91CBAC2DF41\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348d-gx2a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73DC1E93-561E-490C-AE0E-B02BAB9A7C8E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fx3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12DA2DE5-8ADA-4D6A-BC1A-9C06FA163B1C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF467E2-4567-426E-8F48-39669E0F514C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63842B25-8C32-4988-BBBD-61E9CB09B4F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68EA1FEF-B6B6-49FE-A0A4-5387F76303F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364d-gx2a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40D6DB7F-C025-4971-9615-73393ED61078\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4364ADB9-8162-451D-806A-B98924E6B2CF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B53BCB42-ED61-4FCF-8068-CB467631C63C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px-e_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"737C724A-B6CD-4FF7-96E0-EBBF645D660E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372px_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7067AEC7-DFC8-4437-9338-C5165D9A8F36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E0371B-FDE2-473C-AA59-47E1269D050F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"489D11EC-5A18-4F32-BC7C-AC1FCEC27222\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx-e_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71D4CF15-B293-4403-A1A9-96AD3933BAEF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9372tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBCC1515-2DBE-4DF2-8E83-29A869170F36\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BC5293E-F2B4-46DC-85DA-167EA323FCFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396px_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7282AAFF-ED18-4992-AC12-D953C35EC328\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA022E77-6557-4A33-9A3A-D028E2DB669A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9396tx_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"360409CC-4172-4878-A76B-EA1C1F8C7A79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8D5D5E2-B40B-475D-9EF3-8441016E37E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9432pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA8E1F0-74A6-4725-B6AA-A1112EFC5D0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_16-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73F59A4B-AE92-4533-8EDC-D1DD850309FF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_4-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492A2C86-DD38-466B-9965-77629A73814F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_8-slot:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB7AA46-4018-4925-963E-719E1037F759\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B9D1E4-10B9-4B6F-B848-D93ABF6486D6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_a\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB270C45-756E-400A-979F-D07D750C881A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8A085C-2DBA-4269-AB01-B16019FBB4DA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500_supervisor_b\\\\+:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A79DD582-AF68-44F1-B640-766B46EF2BE2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B04484DA-AA59-4833-916E-6A8C96D34F0D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768BE390-5ED5-48A7-9E80-C4DE8BA979B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9504_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07B5399-44C7-468D-9D57-BB5B5E26CE50\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC2F709-AFBE-48EA-A3A2-DA1134534FB6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9508_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76FB64F-16F0-4B0B-B304-B46258D434BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E02DC82-0D26-436F-BA64-73C958932B0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9516_switch:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E128053-834B-4DD5-A517-D14B4FC2B56F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9536pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"163743A1-09E7-4EC5-8ECA-79E4B9CE173B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9636pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE340E4C-DC48-4FC8-921B-EE304DB5AE0A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9716d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C367BBE0-D71F-4CB5-B50E-72B033E73FE1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9736pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E1D224-4751-4233-A127-A041068C804A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD31B075-01B1-429E-83F4-B999356A0EB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9804:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10C9C0A-C96A-4B45-90D0-6ED457EB5F4C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9808:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3284D16F-3275-4F8D-8AE4-D413DE19C4FA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/10/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.vespa.ai/cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/Azure/AKS/issues/3947\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/Kong/kong/discussions/11741\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/akka/akka-http/issues/4323\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/alibaba/tengine/issues/1872\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/apisix/issues/10320\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd-site/pull/10\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/trafficserver/pull/10564\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/issues/5877\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dotnet/announcements/issues/277\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/envoyproxy/envoy/pull/30055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/etcd-io/etcd/issues/16740\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/facebook/proxygen/pull/466\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/golang/go/issues/63417\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/grpc/grpc-go/pull/6703\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/grpc/grpc/releases/tag/v1.59.2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/h2o/h2o/pull/3291\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/haproxy/haproxy/issues/2312\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/pull/121120\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/line/armeria/pull/5232\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micrictor/http2-rst-stream\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ninenines/cowboy/issues/1615\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/nodejs/node/pull/50121\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/openresty/openresty/issues/930\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/opensearch-project/data-prepper/issues/3474\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/projectcontour/contour/pull/5826\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/tempesta-tech/tempesta/issues/1986\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2023-004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://my.f5.com/manage/s/article/K000137106\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830987\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830998\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Press/Media Coverage\"]},{\"url\":\"https://news.ycombinator.com/item?id=37831062\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37837043\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5540\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5549\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5558\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5570\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/13/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/18/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/19/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/10/20/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/13/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.vespa.ai/cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1216123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Vendor Advisory\"]},{\"url\":\"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/Azure/AKS/issues/3947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/Kong/kong/discussions/11741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-vx74-f528-fxqg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/akka/akka-http/issues/4323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/alibaba/tengine/issues/1872\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/apisix/issues/10320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd-site/pull/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/trafficserver/pull/10564\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/bcdannyboy/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/issues/5877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/dotnet/announcements/issues/277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/eclipse/jetty.project/issues/10679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/envoyproxy/envoy/pull/30055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/etcd-io/etcd/issues/16740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/facebook/proxygen/pull/466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/golang/go/issues/63417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/grpc/grpc-go/pull/6703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/pull/3291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/haproxy/haproxy/issues/2312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/junkurihara/rust-rpxy/issues/97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/kazu-yamamoto/http2/issues/93\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/kubernetes/kubernetes/pull/121120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/line/armeria/pull/5232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micrictor/http2-rst-stream\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/microsoft/CBL-Mariner/pull/6381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/pull/1961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ninenines/cowboy/issues/1615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/nodejs/node/pull/50121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/openresty/openresty/issues/930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/opensearch-project/data-prepper/issues/3474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/oqtane/oqtane.framework/discussions/3367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/projectcontour/contour/pull/5826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/tempesta-tech/tempesta/issues/1986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/varnishcache/varnish-cache/issues/3996\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2023-004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://my.f5.com/manage/s/article/K000137106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://netty.io/news/2023/10/10/4-1-100-Final.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830987\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37830998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Press/Media Coverage\"]},{\"url\":\"https://news.ycombinator.com/item?id=37831062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=37837043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231016-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240426-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.paloaltonetworks.com/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://ubuntu.com/security/CVE-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/10/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-341067.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-784301.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-832273.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/nodejs/node/pull/50121\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/golang/go/issues/63417\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"name\": \"DSA-5522\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"name\": \"DSA-5521\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/line/armeria/pull/5232\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/openresty/openresty/issues/930\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/apache/apisix/issues/10320\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"name\": \"[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"name\": \"FEDORA-2023-ed2642fd58\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"name\": \"[oss-security] 20231018 Vulnerability in Jenkins\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"name\": \"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"name\": \"[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"name\": \"FEDORA-2023-54fadada12\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"name\": \"FEDORA-2023-5ff7bf1dd8\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"name\": \"[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"name\": \"FEDORA-2023-17efd3f2cd\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"name\": \"FEDORA-2023-d5030c983c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"name\": \"FEDORA-2023-0259c3f26f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"name\": \"FEDORA-2023-2a9214af5f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"name\": \"FEDORA-2023-e9c04d81c1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"name\": \"FEDORA-2023-f66fc0f62a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"name\": \"FEDORA-2023-4d2fd884ea\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"name\": \"FEDORA-2023-b2c50535cb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"name\": \"FEDORA-2023-fe53e13b5b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"name\": \"FEDORA-2023-4bf641255e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"name\": \"[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"name\": \"DSA-5540\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"name\": \"[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"name\": \"FEDORA-2023-1caffb88af\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"name\": \"FEDORA-2023-3f70b8d406\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"name\": \"FEDORA-2023-7b52921cae\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"name\": \"FEDORA-2023-7934802344\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"name\": \"FEDORA-2023-dbe64661af\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"name\": \"FEDORA-2023-822aab0a5a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"name\": \"DSA-5549\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"name\": \"FEDORA-2023-c0c6a91330\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"name\": \"FEDORA-2023-492b7be466\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"name\": \"DSA-5558\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"name\": \"[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"name\": \"GLSA-202311-09\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"name\": \"DSA-5570\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/13/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:08:27.383Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM APE1808\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SINEC NMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-832273.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-341067.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-784301.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-915275.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T10:52:23.784Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-44487\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-23T20:34:21.334116Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-10-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*\"], \"vendor\": \"ietf\", \"product\": \"http\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-10-10T00:00:00.000Z\", \"value\": \"CVE-2023-44487 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T18:31:22.372Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73\"}, {\"url\": \"https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/\"}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2023-011/\"}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack\"}, {\"url\": \"https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\"}, {\"url\": \"https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/\"}, {\"url\": \"https://news.ycombinator.com/item?id=37831062\"}, {\"url\": \"https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/\"}, {\"url\": \"https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack\"}, {\"url\": \"https://github.com/envoyproxy/envoy/pull/30055\"}, {\"url\": \"https://github.com/haproxy/haproxy/issues/2312\"}, {\"url\": \"https://github.com/eclipse/jetty.project/issues/10679\"}, {\"url\": \"https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764\"}, {\"url\": \"https://github.com/nghttp2/nghttp2/pull/1961\"}, {\"url\": \"https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61\"}, {\"url\": \"https://github.com/alibaba/tengine/issues/1872\"}, {\"url\": \"https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2\"}, {\"url\": \"https://news.ycombinator.com/item?id=37830987\"}, {\"url\": \"https://news.ycombinator.com/item?id=37830998\"}, {\"url\": \"https://github.com/caddyserver/caddy/issues/5877\"}, {\"url\": \"https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/\"}, {\"url\": \"https://github.com/bcdannyboy/CVE-2023-44487\"}, {\"url\": \"https://github.com/grpc/grpc-go/pull/6703\"}, {\"url\": \"https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244\"}, {\"url\": \"https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0\"}, {\"url\": \"https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html\"}, {\"url\": \"https://my.f5.com/manage/s/article/K000137106\"}, {\"url\": \"https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/\"}, {\"url\": \"https://bugzilla.proxmox.com/show_bug.cgi?id=4988\"}, {\"url\": \"https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/7\", \"name\": \"[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/10/6\", \"name\": \"[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected\"}, {\"url\": \"https://github.com/microsoft/CBL-Mariner/pull/6381\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo\"}, {\"url\": \"https://github.com/facebook/proxygen/pull/466\"}, {\"url\": \"https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088\"}, {\"url\": \"https://github.com/micrictor/http2-rst-stream\"}, {\"url\": \"https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve\"}, {\"url\": \"https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/\"}, {\"url\": \"https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf\"}, {\"url\": \"https://github.com/h2o/h2o/pull/3291\"}, {\"url\": \"https://github.com/nodejs/node/pull/50121\"}, {\"url\": \"https://github.com/dotnet/announcements/issues/277\"}, {\"url\": \"https://github.com/golang/go/issues/63417\"}, {\"url\": \"https://github.com/advisories/GHSA-vx74-f528-fxqg\"}, {\"url\": \"https://github.com/apache/trafficserver/pull/10564\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487\"}, {\"url\": \"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14\"}, {\"url\": \"https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/10/10/6\"}, {\"url\": \"https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\"}, {\"url\": \"https://github.com/opensearch-project/data-prepper/issues/3474\"}, {\"url\": \"https://github.com/kubernetes/kubernetes/pull/121120\"}, {\"url\": \"https://github.com/oqtane/oqtane.framework/discussions/3367\"}, {\"url\": \"https://github.com/advisories/GHSA-xpw8-rcwv-8f8p\"}, {\"url\": \"https://netty.io/news/2023/10/10/4-1-100-Final.html\"}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487\"}, {\"url\": \"https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/\"}, {\"url\": \"https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack\"}, {\"url\": \"https://news.ycombinator.com/item?id=37837043\"}, {\"url\": \"https://github.com/kazu-yamamoto/http2/issues/93\"}, {\"url\": \"https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html\"}, {\"url\": \"https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1\"}, {\"url\": \"https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5522\", \"name\": \"DSA-5522\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5521\", \"name\": \"DSA-5521\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2023-44487\"}, {\"url\": \"https://github.com/ninenines/cowboy/issues/1615\"}, {\"url\": \"https://github.com/varnishcache/varnish-cache/issues/3996\"}, {\"url\": \"https://github.com/tempesta-tech/tempesta/issues/1986\"}, {\"url\": \"https://blog.vespa.ai/cve-2023-44487/\"}, {\"url\": \"https://github.com/etcd-io/etcd/issues/16740\"}, {\"url\": \"https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\"}, {\"url\": \"https://istio.io/latest/news/security/istio-security-2023-004/\"}, {\"url\": \"https://github.com/junkurihara/rust-rpxy/issues/97\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1216123\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2242803\"}, {\"url\": \"https://ubuntu.com/security/CVE-2023-44487\"}, {\"url\": \"https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125\"}, {\"url\": \"https://github.com/advisories/GHSA-qppj-fm5r-hxr3\"}, {\"url\": \"https://github.com/apache/httpd-site/pull/10\"}, {\"url\": \"https://github.com/projectcontour/contour/pull/5826\"}, {\"url\": \"https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632\"}, {\"url\": \"https://github.com/line/armeria/pull/5232\"}, {\"url\": \"https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/\"}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2023-44487\"}, {\"url\": \"https://github.com/akka/akka-http/issues/4323\"}, {\"url\": \"https://github.com/openresty/openresty/issues/930\"}, {\"url\": \"https://github.com/apache/apisix/issues/10320\"}, {\"url\": \"https://github.com/Azure/AKS/issues/3947\"}, {\"url\": \"https://github.com/Kong/kong/discussions/11741\"}, {\"url\": \"https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487\"}, {\"url\": \"https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/\"}, {\"url\": \"https://github.com/caddyserver/caddy/releases/tag/v2.7.5\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html\", \"name\": \"[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/4\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/13/9\", \"name\": \"[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/\"}, {\"url\": \"https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/\", \"name\": \"FEDORA-2023-ed2642fd58\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231016-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html\", \"name\": \"[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/4\", \"name\": \"[oss-security] 20231018 Vulnerability in Jenkins\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/18/8\", \"name\": \"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/19/6\", \"name\": \"[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/\", \"name\": \"FEDORA-2023-54fadada12\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/\", \"name\": \"FEDORA-2023-5ff7bf1dd8\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/10/20/8\", \"name\": \"[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/\", \"name\": \"FEDORA-2023-17efd3f2cd\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/\", \"name\": \"FEDORA-2023-d5030c983c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/\", \"name\": \"FEDORA-2023-0259c3f26f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/\", \"name\": \"FEDORA-2023-2a9214af5f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/\", \"name\": \"FEDORA-2023-e9c04d81c1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/\", \"name\": \"FEDORA-2023-f66fc0f62a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/\", \"name\": \"FEDORA-2023-4d2fd884ea\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/\", \"name\": \"FEDORA-2023-b2c50535cb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"name\": \"FEDORA-2023-fe53e13b5b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"name\": \"FEDORA-2023-4bf641255e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html\", \"name\": \"[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5540\", \"name\": \"DSA-5540\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html\", \"name\": \"[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/\", \"name\": \"FEDORA-2023-1caffb88af\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/\", \"name\": \"FEDORA-2023-3f70b8d406\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/\", \"name\": \"FEDORA-2023-7b52921cae\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/\", \"name\": \"FEDORA-2023-7934802344\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/\", \"name\": \"FEDORA-2023-dbe64661af\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"name\": \"FEDORA-2023-822aab0a5a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5549\", \"name\": \"DSA-5549\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/\", \"name\": \"FEDORA-2023-c0c6a91330\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/\", \"name\": \"FEDORA-2023-492b7be466\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5558\", \"name\": \"DSA-5558\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html\", \"name\": \"[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"name\": \"GLSA-202311-09\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5570\", \"name\": \"DSA-5570\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240426-0007/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\"}, {\"url\": \"https://github.com/grpc/grpc/releases/tag/v1.59.2\"}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-06-07T20:05:34.376Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-44487\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T10:52:23.784Z\", \"dateReserved\": \"2023-09-29T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-10-10T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2023:5931
Vulnerability from csaf_redhat - Published: 2023-10-19 13:15 - Updated: 2026-07-01 05:36A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
Workaround
|
A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src | — | ||
| Unresolved product id: 8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.13 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nSecurity fix(es):\n\n* Yggdrasil-worker-forwarder (gRPC): Rapid Reset Attack through HTTP/2 enabled web service which leads to DDoS attack (CVE-2023-44487 \u0026 CVE-2023-39325)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\n* Foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)\n\n* Foreman: Arbitrary code execution through yaml global parameters (CVE-2023-0462)\n\n* GitPython: Remote code execution and improper input validation vulnerability (CVE-2022-24439 \u0026 CVE-2023-40267)\n\n* Ruby-git \u0026 tfm-rubygem-git: Code injection vulnerability (CVE-2022-47318 \u0026 CVE-2022-46648)\n\n* Python-django: Multiple flaws (CVE-2023-31047 \u0026 CVE-2023-36053)\n\n* Puppet-agent (openssl): Multiple flaws (CVE-2022-1292 CVE-2022-2068)\n\nThis update fixes the following bugs:\n\n2238346 - Red Hat supported provisioning templates are not recognized by RH icon on the row for a given template\n2238348 - when creating a backup on rhel7 and restoring on rhel8, the restore process will fail with permission issues\n2238350 - Virtual machine goes in re-provisioning mode while registration host using Global registration template.\n2238359 - Capsule redundantly synces *-Export-Library repos\n2238361 - Can\u0027t update the redhat_repository_url without changing the cdn_configuration to custom_cdn\n2238363 - katello-certs-check does not cause the installer to halt execution on failure\n2238367 - Satellite Web UI \u003e\u003e Hosts \u003e\u003e All Hosts page loading slow even after power isn\u0027t selected from the new option \"Manage columns\".\n2238369 - Content-export incremental with syncable format based does not include productid file into repodata directory\n2238371 - SELinux is preventing pulpcore-worker from read access on the key labeled pulpcore_server_t\n2239041 - Reclaim space for repository fails with Cannot delete some instances of model \u0027Artifact\u0027 because they are referenced through protected foreign keys: \u0027ContentArtifact.artifact\u0027.\"\n2238353 - The \"hammer export\" command using single thread encryption causes a performance bottleneck.\n2240781 - Remediation from CRC via Satellite shows \"Failed\" status even after successful remediation of Insights recommendations. \n2241914 - \"NoMethodError: undefined method `fact_values\u0027\" while trying to perform inventory upload\n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5931",
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "2140577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577"
},
{
"category": "external",
"summary": "2151583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151583"
},
{
"category": "external",
"summary": "2159672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159672"
},
{
"category": "external",
"summary": "2162970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
},
{
"category": "external",
"summary": "2169385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169385"
},
{
"category": "external",
"summary": "2192565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192565"
},
{
"category": "external",
"summary": "2218004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218004"
},
{
"category": "external",
"summary": "2231474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231474"
},
{
"category": "external",
"summary": "2238346",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238346"
},
{
"category": "external",
"summary": "2238348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238348"
},
{
"category": "external",
"summary": "2238350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238350"
},
{
"category": "external",
"summary": "2238353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238353"
},
{
"category": "external",
"summary": "2238359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238359"
},
{
"category": "external",
"summary": "2238361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238361"
},
{
"category": "external",
"summary": "2238363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238363"
},
{
"category": "external",
"summary": "2238367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238367"
},
{
"category": "external",
"summary": "2238369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238369"
},
{
"category": "external",
"summary": "2238371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238371"
},
{
"category": "external",
"summary": "2239041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239041"
},
{
"category": "external",
"summary": "2240781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240781"
},
{
"category": "external",
"summary": "2241914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241914"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5931.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.13.5 Async Security Update",
"tracking": {
"current_release_date": "2026-07-01T05:36:54+00:00",
"generator": {
"date": "2026-07-01T05:36:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:5931",
"initial_release_date": "2023-10-19T13:15:21+00:00",
"revision_history": [
{
"date": "2023-10-19T13:15:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T13:15:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T05:36:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.13::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.13::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.13::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product": {
"name": "Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-maintenance",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_maintenance:6.13::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.5.1.23-1.el8sat.src",
"product": {
"name": "foreman-0:3.5.1.23-1.el8sat.src",
"product_id": "foreman-0:3.5.1.23-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.5.1.23-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"product": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"product_id": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.5.2.4-1.el8sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"product": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"product_id": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@1.3.3-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:3.2.21-1.el8pc.src",
"product": {
"name": "python-django-0:3.2.21-1.el8pc.src",
"product_id": "python-django-0:3.2.21-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@3.2.21-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-gitpython-0:3.1.32-1.el8pc.src",
"product": {
"name": "python-gitpython-0:3.1.32-1.el8pc.src",
"product_id": "python-gitpython-0:3.1.32-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-gitpython@3.1.32-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulpcore-0:3.21.18-1.el8pc.src",
"product": {
"name": "python-pulpcore-0:3.21.18-1.el8pc.src",
"product_id": "python-pulpcore-0:3.21.18-1.el8pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulpcore@3.21.18-1.el8pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"product": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"product_id": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.2.12-1.el8sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"product": {
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"product_id": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@11.0.0.6-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.src",
"product": {
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.src",
"product_id": "rubygem-katello-0:4.7.0.33-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.7.0.33-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.13.5-1.el8sat.src",
"product": {
"name": "satellite-0:6.13.5-1.el8sat.src",
"product_id": "satellite-0:6.13.5-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.13.5-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"product": {
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"product_id": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@7.0.48-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-git-0:1.18.0-1.el8sat.src",
"product": {
"name": "rubygem-git-0:1.18.0-1.el8sat.src",
"product_id": "rubygem-git-0:1.18.0-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-git@1.18.0-1.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el8sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"product": {
"name": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"product_id": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.5.1.23-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"product": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"product_id": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.5.2.4-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"product": {
"name": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"product_id": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer-katello@3.5.2.4-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python39-django-0:3.2.21-1.el8pc.noarch",
"product": {
"name": "python39-django-0:3.2.21-1.el8pc.noarch",
"product_id": "python39-django-0:3.2.21-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-django@3.2.21-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"product": {
"name": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"product_id": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-gitpython@3.1.32-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"product": {
"name": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"product_id": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python39-pulpcore@3.21.18-1.el8pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"product_id": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_maintain@1.2.12-1.el8sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"product_id": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_theme_satellite@11.0.0.6-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"product": {
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"product_id": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.7.0.33-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"product": {
"name": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"product_id": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.13.5-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.13.5-1.el8sat.noarch",
"product": {
"name": "satellite-common-0:6.13.5-1.el8sat.noarch",
"product_id": "satellite-common-0:6.13.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.13.5-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.13.5-1.el8sat.noarch",
"product": {
"name": "satellite-0:6.13.5-1.el8sat.noarch",
"product_id": "satellite-0:6.13.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.13.5-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"product": {
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"product_id": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.13.5-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"product": {
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"product_id": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@7.0.48-1.el8sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product": {
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product_id": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-git@1.18.0-1.el8sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"product": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"product_id": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pulpcore-selinux@1.3.3-1.el8pc?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_id": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/puppet-agent@7.26.0-3.el8sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-1.el8sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src"
},
"product_reference": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64"
},
"product_reference": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.21-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.21-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gitpython-0:3.1.32-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src"
},
"product_reference": "python-gitpython-0:3.1.32-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.21.18-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.21.18-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.21-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.21-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-gitpython-0:3.1.32-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch"
},
"product_reference": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.21.18-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-capsule-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-maintenance"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.5.1.23-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src"
},
"product_reference": "foreman-0:3.5.1.23-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch"
},
"product_reference": "foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.5.2.4-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src"
},
"product_reference": "foreman-installer-1:3.5.2.4-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-service-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
},
"product_reference": "foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src"
},
"product_reference": "pulpcore-selinux-0:1.3.3-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64"
},
"product_reference": "pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "puppet-agent-0:7.26.0-3.el8sat.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
},
"product_reference": "puppet-agent-0:7.26.0-3.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:3.2.21-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src"
},
"product_reference": "python-django-0:3.2.21-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-gitpython-0:3.1.32-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src"
},
"product_reference": "python-gitpython-0:3.1.32-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulpcore-0:3.21.18-1.el8pc.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src"
},
"product_reference": "python-pulpcore-0:3.21.18-1.el8pc.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-django-0:3.2.21-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
},
"product_reference": "python39-django-0:3.2.21-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-gitpython-0:3.1.32-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
},
"product_reference": "python39-gitpython-0:3.1.32-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-pulpcore-0:3.21.18-1.el8pc.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch"
},
"product_reference": "python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src"
},
"product_reference": "rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src"
},
"product_reference": "rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch"
},
"product_reference": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src"
},
"product_reference": "rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-git-0:1.18.0-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch"
},
"product_reference": "rubygem-git-0:1.18.0-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-git-0:1.18.0-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
},
"product_reference": "rubygem-git-0:1.18.0-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch"
},
"product_reference": "rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.7.0.33-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src"
},
"product_reference": "rubygem-katello-0:4.7.0.33-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.13.5-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src"
},
"product_reference": "satellite-0:6.13.5-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-cli-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.13.5-1.el8sat.noarch as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
},
"product_reference": "satellite-common-0:6.13.5-1.el8sat.noarch",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"relates_to_product_reference": "8Base-satellite-6.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64 as a component of Red Hat Satellite 6.13 for RHEL 8",
"product_id": "8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64",
"relates_to_product_reference": "8Base-satellite-6.13"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Elison Niven"
],
"organization": "Sophos",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-1292",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-05-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2081494"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version, and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1292"
},
{
"category": "external",
"summary": "RHBZ#2081494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220503.txt",
"url": "https://www.openssl.org/news/secadv/20220503.txt"
}
],
"release_date": "2022-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: c_rehash script allows command injection"
},
{
"acknowledgments": [
{
"names": [
"Chancen"
],
"organization": "Qingteng 73lab",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-2068",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2022-06-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2097310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: the c_rehash script allows command injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux uses a system-wide store of trusted certificates bundled in a single file and updated via `update-ca-trust`. The `c_rehash` script is not included in the default installation on any supported RHEL version and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate.\n\nRed Hat Enterprise Linux 7 provides a vulnerable version of the `c_rehash` script in the `openssl-perl` package, available only through the unsupported Optional repository. As the Optional repository is not supported and Red Hat Enterprise Linux 7 is in Maintenance Support 2 Phase, this issue is not planned to be addressed there.\n\nRed Hat Satellite ships an affected version of the `c_rehash` script embedded in `puppet-agent` package, however, the product is not vulnerable since it does not execute scripts with untrusted data. Moreover, the scriplet is owned by root user and is supposed to be accessed only by administrators.\n\nRed Hat updates the OpenSSL compatibility packages (compat-openssl) to only address Important or Critical security issues with backported security patches.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2068"
},
{
"category": "external",
"summary": "RHBZ#2097310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2068"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20220621.txt",
"url": "https://www.openssl.org/news/secadv/20220621.txt"
}
],
"release_date": "2022-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: the c_rehash script allows command injection"
},
{
"acknowledgments": [
{
"names": [
"Evgeni Golov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2022-3874",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2022-11-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140577"
}
],
"notes": [
{
"category": "description",
"text": "A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman: OS command injection via ct_command and fcct_command",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3874"
},
{
"category": "external",
"summary": "RHBZ#2140577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140577"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3874"
}
],
"release_date": "2023-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "foreman: OS command injection via ct_command and fcct_command"
},
{
"acknowledgments": [
{
"names": [
"Sam Wheating"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-24439",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-12-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151583"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability exists in Git-python. By injecting a malicious URL into the clone command, an attacker can exploit this vulnerability as the library makes external calls to git without any input sanitization. This issue leads to complete system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GitPython: improper user input validation leads into a RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Across all supported releases of Red Hat OpenStack Platform the usage of a compromised GitPython API (clone_from()) is quite limited. The only people capable of exploiting this vulnerability are system administrators. For this reason, the impact has been downgraded to medium.\n\nThe impact to Red Hat OpenStack Platform 17 is rated Low as the compromised function is not in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24439"
},
{
"category": "external",
"summary": "RHBZ#2151583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151583"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24439"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24439",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24439"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858",
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858"
}
],
"release_date": "2022-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "GitPython: improper user input validation leads into a RCE"
},
{
"cve": "CVE-2022-46648",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2169385"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby-git: code injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46648"
},
{
"category": "external",
"summary": "RHBZ#2169385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46648"
},
{
"category": "external",
"summary": "https://jvn.jp/en/jp/JVN16765254/",
"url": "https://jvn.jp/en/jp/JVN16765254/"
}
],
"release_date": "2023-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby-git: code injection vulnerability"
},
{
"cve": "CVE-2022-47318",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-01-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2159672"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw was found in the ruby-git package. This issue may allow a remote authenticated attacker to execute arbitrary code on the system by using a specially-crafted filename in the repository.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby-git: code injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-47318"
},
{
"category": "external",
"summary": "RHBZ#2159672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-47318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-47318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47318"
},
{
"category": "external",
"summary": "https://jvn.jp/en/jp/JVN16765254/",
"url": "https://jvn.jp/en/jp/JVN16765254/"
}
],
"release_date": "2023-01-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ruby-git: code injection vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Andrew Danau"
],
"organization": "Onsec.io"
}
],
"cve": "CVE-2023-0462",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2162970"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Satellite/Foreman: Arbitrary code execution through yaml global parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0462"
},
{
"category": "external",
"summary": "RHBZ#2162970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0462"
}
],
"release_date": "2023-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Satellite/Foreman: Arbitrary code execution through yaml global parameters"
},
{
"cve": "CVE-2023-3817",
"discovery_date": "2023-07-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2227852"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "OpenSSL: Excessive time spent checking DH q parameter value",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in OpenSSL is considered low severity primarily because it requires specific conditions to be exploited and has limited impact. While excessive computation time during DH parameter checks could potentially lead to denial of service (DoS) attacks, the likelihood of successful exploitation is relatively low. Additionally, the vulnerability mainly affects applications that use certain OpenSSL functions for DH parameter validation, rather than the broader SSL/TLS implementation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3817"
},
{
"category": "external",
"summary": "RHBZ#2227852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227852"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20230731.txt",
"url": "https://www.openssl.org/news/secadv/20230731.txt"
}
],
"release_date": "2023-07-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "OpenSSL: Excessive time spent checking DH q parameter value"
},
{
"cve": "CVE-2023-31047",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-04-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2192565"
}
],
"notes": [
{
"category": "description",
"text": "A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Potential bypass of validation when uploading multiple files using one form field",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite and Red Hat Update Infrastructure individual impact ratings have been set to Low since initial privileges are required in order to access the server and the vulnerable functionality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-31047"
},
{
"category": "external",
"summary": "RHBZ#2192565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-31047",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-31047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31047"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/may/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/may/03/security-releases/"
}
],
"release_date": "2023-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python-django: Potential bypass of validation when uploading multiple files using one form field"
},
{
"cve": "CVE-2023-36053",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-06-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2218004"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-36053"
},
{
"category": "external",
"summary": "RHBZ#2218004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-36053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36053"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36053"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/",
"url": "https://www.djangoproject.com/weblog/2023/jul/03/security-releases/"
}
],
"release_date": "2023-07-03T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-40267",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-08-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2231474"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "GitPython: Insecure non-multi options in clone and clone_from is not blocked",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Openstack, Red Hat Ansible Automation Platform, and Red Hat Certification Program, while the gitpython dependency is present, the affected codebase is not being used. \n\nRed Hat Satellite does not use the affected functions during runtime, therefore the possible impact is limited to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40267"
},
{
"category": "external",
"summary": "RHBZ#2231474",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231474"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40267"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40267",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40267"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-pr76-5cm5-w9cj",
"url": "https://github.com/advisories/GHSA-pr76-5cm5-w9cj"
}
],
"release_date": "2023-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "GitPython: Insecure non-multi options in clone and clone_from is not blocked"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"known_not_affected": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T13:15:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5931"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-satellite-6.13-capsule:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13-capsule:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13-capsule:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13-capsule:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13-capsule:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13-capsule:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13-capsule:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-capsule:satellite-capsule-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-capsule:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13-maintenance:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13-utils:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13-utils:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13-utils:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-0:3.5.1.23-1.el8sat.src",
"8Base-satellite-6.13:foreman-cli-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-debug-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-dynflow-sidekiq-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ec2-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-installer-1:3.5.2.4-1.el8sat.src",
"8Base-satellite-6.13:foreman-installer-katello-1:3.5.2.4-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-journald-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-libvirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-openstack-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-ovirt-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-postgresql-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-service-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-telemetry-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:foreman-vmware-0:3.5.1.23-1.el8sat.noarch",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.src",
"8Base-satellite-6.13:pulpcore-selinux-0:1.3.3-1.el8pc.x86_64",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.src",
"8Base-satellite-6.13:puppet-agent-0:7.26.0-3.el8sat.x86_64",
"8Base-satellite-6.13:python-django-0:3.2.21-1.el8pc.src",
"8Base-satellite-6.13:python-gitpython-0:3.1.32-1.el8pc.src",
"8Base-satellite-6.13:python-pulpcore-0:3.21.18-1.el8pc.src",
"8Base-satellite-6.13:python39-django-0:3.2.21-1.el8pc.noarch",
"8Base-satellite-6.13:python39-gitpython-0:3.1.32-1.el8pc.noarch",
"8Base-satellite-6.13:python39-pulpcore-0:3.21.18-1.el8pc.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_maintain-1:1.2.12-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_rh_cloud-0:7.0.48-1.el8sat.src",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-foreman_theme_satellite-0:11.0.0.6-1.el8sat.src",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-git-0:1.18.0-1.el8sat.src",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.noarch",
"8Base-satellite-6.13:rubygem-katello-0:4.7.0.33-1.el8sat.src",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-0:6.13.5-1.el8sat.src",
"8Base-satellite-6.13:satellite-cli-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:satellite-common-0:6.13.5-1.el8sat.noarch",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.src",
"8Base-satellite-6.13:yggdrasil-worker-forwarder-0:0.0.3-1.el8sat.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5933
Vulnerability from csaf_redhat - Published: 2023-10-26 01:04 - Updated: 2026-07-01 05:36A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 | — |
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.3\n\nAn update for secondary-scheduler-operator-bundle-container and secondary-scheduler-operator-container is now available for OSSO-1.1-RHEL-8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Secondary Scheduler Operator for Red Hat OpenShift 1.1.3\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5933",
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "WRKLDS-878",
"url": "https://issues.redhat.com/browse/WRKLDS-878"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5933.json"
}
],
"title": "Red Hat Security Advisory: Openshift Secondary Scheduler Operator 1.1.3 security update",
"tracking": {
"current_release_date": "2026-07-01T05:36:54+00:00",
"generator": {
"date": "2026-07-01T05:36:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:5933",
"initial_release_date": "2023-10-26T01:04:37+00:00",
"revision_history": [
{
"date": "2023-10-26T01:04:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-26T21:11:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T05:36:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OSSO 1.1 for RHEL 8",
"product": {
"name": "OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8"
}
}
}
],
"category": "product_family",
"name": "Openshift Secondary Scheduler Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"product": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"product_id": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle\u0026tag=v1.1-34"
}
}
},
{
"category": "product_version",
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64",
"product": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64",
"product_id": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8\u0026tag=v1.1-37"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64 as a component of OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
},
"product_reference": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"relates_to_product_reference": "8Base-OSSO-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64 as a component of OSSO 1.1 for RHEL 8",
"product_id": "8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
},
"product_reference": "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64",
"relates_to_product_reference": "8Base-OSSO-1.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T01:04:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T01:04:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T01:04:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"known_not_affected": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T01:04:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5933"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:51458b1eafc32dd920558e757506e9b71856b5b47744284c961c5430766536b2_amd64",
"8Base-OSSO-1.1:openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:fb305e8ee14a0cd1f45da0bdd9000a1f9d0a9c4dd20e300004c3cef26997b9b8_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5935
Vulnerability from csaf_redhat - Published: 2023-10-19 16:50 - Updated: 2026-07-01 05:36A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — |
Vendor Fix
fix
|
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — |
Vendor Fix
fix
|
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — |
Vendor Fix
fix
|
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — |
Vendor Fix
fix
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2.5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n\n* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5935",
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5935.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 security update",
"tracking": {
"current_release_date": "2026-07-01T05:36:55+00:00",
"generator": {
"date": "2026-07-01T05:36:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:5935",
"initial_release_date": "2023-10-19T16:50:07+00:00",
"revision_history": [
{
"date": "2023-10-19T16:50:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T16:50:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T05:36:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"product": {
"name": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"product_id": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8/osp-director-agent\u0026tag=1.3.0-10"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"product": {
"name": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"product_id": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8/osp-director-downloader\u0026tag=1.3.0-11"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"product": {
"name": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"product_id": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle\u0026tag=1.3.0-19"
}
}
},
{
"category": "product_version",
"name": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64",
"product": {
"name": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64",
"product_id": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel8/osp-director-operator\u0026tag=1.3.0-9"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64"
},
"product_reference": "rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64"
},
"product_reference": "rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64"
},
"product_reference": "rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
},
"product_reference": "rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2022-41725",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178488"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41725"
},
{
"category": "external",
"summary": "RHBZ#2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725"
},
{
"category": "external",
"summary": "https://go.dev/cl/468124",
"url": "https://go.dev/cl/468124"
},
{
"category": "external",
"summary": "https://go.dev/issue/58006",
"url": "https://go.dev/issue/58006"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1569",
"url": "https://pkg.go.dev/vuln/GO-2023-1569"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption"
},
{
"cve": "CVE-2023-24532",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2023-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2223355"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24532"
},
{
"category": "external",
"summary": "RHBZ#2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532"
},
{
"category": "external",
"summary": "https://go.dev/cl/471255",
"url": "https://go.dev/cl/471255"
},
{
"category": "external",
"summary": "https://go.dev/issue/58647",
"url": "https://go.dev/issue/58647"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY",
"url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1621",
"url": "https://pkg.go.dev/vuln/GO-2023-1621"
}
],
"release_date": "2023-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T16:50:07+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5935"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-agent@sha256:669c11288ec857369274ef710c6f6ce4ca1355f9e18f43cb9bc49ab089d8f4a6_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-downloader@sha256:79f994acd1e9e2b58143915f73590b1cbb3381b37285088973fef549545b3a8a_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator-bundle@sha256:fe042ad7fa6c0b0cc3645205b817c70ed2498ac8f3d992dfaef5ca921b46da7f_amd64",
"8Base-RHOS-16.2:rhosp-rhel8/osp-director-operator@sha256:451c7a787a5d8560f71928921eee70875c9c3fa58a606f602d6677a9872fea47_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5945
Vulnerability from csaf_redhat - Published: 2023-10-19 19:09 - Updated: 2026-06-28 12:40A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.10.4 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.10.4 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2023-44487) HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5945",
"url": "https://access.redhat.com/errata/RHSA-2023:5945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.10.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.10.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.10"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5945.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.10.4 release and security update",
"tracking": {
"current_release_date": "2026-06-28T12:40:49+00:00",
"generator": {
"date": "2026-06-28T12:40:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2023:5945",
"initial_release_date": "2023-10-19T19:09:23+00:00",
"revision_history": [
{
"date": "2023-10-19T19:09:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T19:09:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T12:40:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7",
"product": {
"name": "Red Hat AMQ Broker 7",
"product_id": "Red Hat AMQ Broker 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T19:09:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5945"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5946
Vulnerability from csaf_redhat - Published: 2023-10-19 19:09 - Updated: 2026-06-28 12:40A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat AMQ Broker 7
Red Hat / Red Hat JBoss AMQ
|
cpe:/a:redhat:amq_broker:7
|
— |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.11.3 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.11.3 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* (CVE-2023-44487) HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)\n\nNOTE: A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\n* (CVE-2023-34462) netty: io.netty:netty-handler: SniHandler 16MB allocation\n\n* (CVE-2023-40167) jetty: Improper validation of HTTP/1 content-length\n\n* (CVE-2023-41080) tomcat: Open Redirect vulnerability in FORM authentication\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5946",
"url": "https://access.redhat.com/errata/RHSA-2023:5946"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.11.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.11.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11"
},
{
"category": "external",
"summary": "2216888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
},
{
"category": "external",
"summary": "2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5946.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.11.3 release and security update",
"tracking": {
"current_release_date": "2026-06-28T12:40:49+00:00",
"generator": {
"date": "2026-06-28T12:40:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2023:5946",
"initial_release_date": "2023-10-19T19:09:23+00:00",
"revision_history": [
{
"date": "2023-10-19T19:09:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-19T19:09:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T12:40:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Broker 7",
"product": {
"name": "Red Hat AMQ Broker 7",
"product_id": "Red Hat AMQ Broker 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34462",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: SniHandler 16MB allocation leads to OOM",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-34462"
},
{
"category": "external",
"summary": "RHBZ#2216888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
}
],
"release_date": "2023-06-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T19:09:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5946"
},
{
"category": "workaround",
"details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: SniHandler 16MB allocation leads to OOM"
},
{
"cve": "CVE-2023-40167",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2023-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2239634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Improper validation of HTTP/1 content-length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-40167"
},
{
"category": "external",
"summary": "RHBZ#2239634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6"
}
],
"release_date": "2023-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T19:09:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5946"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Improper validation of HTTP/1 content-length"
},
{
"cve": "CVE-2023-41080",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2023-08-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2235370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. This issue allows a specially crafted URL to trigger a redirect to an arbitrary URL.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Open Redirect vulnerability in FORM authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The pki-servlet-engine package has been obsoleted by the Tomcat package. Therefore, this issue will be fixed in the Tomcat package rather than the pki-serlvet-engine package. Please follow the RHEL Tomcat trackers instead for the updates.\n\nRed Hat Satellite is not directly impacted by this issue, since it does not embed the dependency on their offer deliveries. However, end users of Red Hat Satellite are using Tomcat via RHEL channels, which provides Tomcat dependency needed by candlepin to function in Satellite.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-41080"
},
{
"category": "external",
"summary": "RHBZ#2235370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41080"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f",
"url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f"
}
],
"release_date": "2023-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T19:09:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5946"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Open Redirect vulnerability in FORM authentication"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ Broker 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-19T19:09:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat AMQ Broker 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5946"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"Red Hat AMQ Broker 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ Broker 7"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5947
Vulnerability from csaf_redhat - Published: 2023-10-26 00:47 - Updated: 2026-07-01 05:36A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | ||
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
Workaround
|
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
Workaround
|
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
Workaround
|
A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | ||
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | ||
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | ||
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | ||
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | ||
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — | ||
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for run-once-duration-override-container, run-once-duration-override-operator-bundle-container, and run-once-duration-override-operator-container is now available for RODOO-1.0-RHEL-8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Run Once Duration Override Operator for Red Hat OpenShift is an optional\noperator that makes it possible to override activeDeadlineSecondsOverride\nfield during pod admission.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)\n\n* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532)\n\n* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)\n\n* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5947",
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2196026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
},
{
"category": "external",
"summary": "2196027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
},
{
"category": "external",
"summary": "2196029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "OCPBUGS-20489",
"url": "https://issues.redhat.com/browse/OCPBUGS-20489"
},
{
"category": "external",
"summary": "WRKLDS-780",
"url": "https://issues.redhat.com/browse/WRKLDS-780"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5947.json"
}
],
"title": "Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.0.1 security update",
"tracking": {
"current_release_date": "2026-07-01T05:36:55+00:00",
"generator": {
"date": "2026-07-01T05:36:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:5947",
"initial_release_date": "2023-10-26T00:47:43+00:00",
"revision_history": [
{
"date": "2023-10-26T00:47:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-26T00:47:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T05:36:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RODOO 1.0 for RHEL 8",
"product": {
"name": "RODOO 1.0 for RHEL 8",
"product_id": "8Base-RODOO-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1.0::el8"
}
}
}
],
"category": "product_family",
"name": "Run Once Duration Override Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-rhel8\u0026tag=v1.0-30"
}
}
},
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-operator-bundle\u0026tag=v1.0-20"
}
}
},
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-operator-rhel8\u0026tag=v1.0-25"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64 as a component of RODOO 1.0 for RHEL 8",
"product_id": "8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"relates_to_product_reference": "8Base-RODOO-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64 as a component of RODOO 1.0 for RHEL 8",
"product_id": "8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"relates_to_product_reference": "8Base-RODOO-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64 as a component of RODOO 1.0 for RHEL 8",
"product_id": "8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64",
"relates_to_product_reference": "8Base-RODOO-1.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-24532",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2023-07-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2223355"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24532"
},
{
"category": "external",
"summary": "RHBZ#2223355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223355"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24532"
},
{
"category": "external",
"summary": "https://go.dev/cl/471255",
"url": "https://go.dev/cl/471255"
},
{
"category": "external",
"summary": "https://go.dev/issue/58647",
"url": "https://go.dev/issue/58647"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY",
"url": "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1621",
"url": "https://pkg.go.dev/vuln/GO-2023-1621"
}
],
"release_date": "2023-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-24539",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196026"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a \u0027/\u0027 character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper sanitization of CSS values",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore, the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24539"
},
{
"category": "external",
"summary": "RHBZ#2196026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/59720",
"url": "https://github.com/golang/go/issues/59720"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper sanitization of CSS values"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-24540",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of JavaScript whitespace",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24540"
},
{
"category": "external",
"summary": "RHBZ#2196027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540"
},
{
"category": "external",
"summary": "https://go.dev/issue/59721",
"url": "https://go.dev/issue/59721"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: html/template: improper handling of JavaScript whitespace"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-29400",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196029"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of empty HTML attributes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn OpenShift Container Platform and Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users, reducing the impact to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29400"
},
{
"category": "external",
"summary": "RHBZ#2196029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400"
},
{
"category": "external",
"summary": "https://go.dev/issue/59722",
"url": "https://go.dev/issue/59722"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of empty HTML attributes"
},
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"known_not_affected": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-26T00:47:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:5e2f382d233fab6817da02d17459b3e6e8c16f0be58270221b66d87ce3d09cc6_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-operator-rhel8@sha256:a43806835a54ea3c712e1cbb96cd7ff2cd0434912ae1cbc11b4f54524c15c40b_amd64",
"8Base-RODOO-1.0:run-once-duration-override-operator/run-once-duration-override-rhel8@sha256:70c5f120078cec9a22f2e754e5606ebe5d086e38aeb5fc9daac18fced6705f43_amd64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5956
Vulnerability from csaf_redhat - Published: 2023-10-20 11:37 - Updated: 2026-06-28 12:40A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RHBOP 8.38.0 SP2
Red Hat / Red Hat build of OptaPlanner
|
cpe:/a:redhat:optaplanner:::el6
|
— |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of OptaPlanner 8.38.0 for Quarkus 2.13.8 release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat build of OptaPlanner 8.38.0 SP2. The purpose of this text-only erratum is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5956",
"url": "https://access.redhat.com/errata/RHSA-2023:5956"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhbop\u0026version=8.38.0.SP2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=rhbop\u0026version=8.38.0.SP2"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5956.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of OptaPlanner 8.38.0 SP2 security update",
"tracking": {
"current_release_date": "2026-06-28T12:40:49+00:00",
"generator": {
"date": "2026-06-28T12:40:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2023:5956",
"initial_release_date": "2023-10-20T11:37:03+00:00",
"revision_history": [
{
"date": "2023-10-20T11:37:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T11:37:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T12:40:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHBOP 8.38.0 SP2",
"product": {
"name": "RHBOP 8.38.0 SP2",
"product_id": "RHBOP 8.38.0 SP2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:optaplanner:::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of OptaPlanner"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"RHBOP 8.38.0 SP2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T11:37:03+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"RHBOP 8.38.0 SP2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5956"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"RHBOP 8.38.0 SP2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"RHBOP 8.38.0 SP2"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5964
Vulnerability from csaf_redhat - Published: 2023-10-20 14:54 - Updated: 2026-07-01 05:37A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats is now available for Red Hat OpenStack\nPlatform 16.2.5 (Train).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Collectd plugin for gathering resource usage statistics from containers\ncreated with the libpod library.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n\n* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)\n\n* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)\n\n* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)\n\n* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5964",
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "2184481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481"
},
{
"category": "external",
"summary": "2184482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482"
},
{
"category": "external",
"summary": "2184483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483"
},
{
"category": "external",
"summary": "2184484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5964.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update",
"tracking": {
"current_release_date": "2026-07-01T05:37:02+00:00",
"generator": {
"date": "2026-07-01T05:37:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:5964",
"initial_release_date": "2023-10-20T14:54:29+00:00",
"revision_history": [
{
"date": "2023-10-20T14:54:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:54:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T05:37:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2022-41725",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178488"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41725"
},
{
"category": "external",
"summary": "RHBZ#2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725"
},
{
"category": "external",
"summary": "https://go.dev/cl/468124",
"url": "https://go.dev/cl/468124"
},
{
"category": "external",
"summary": "https://go.dev/issue/58006",
"url": "https://go.dev/issue/58006"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1569",
"url": "https://pkg.go.dev/vuln/GO-2023-1569"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption"
},
{
"cve": "CVE-2023-24534",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184483"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, net/textproto: denial of service from excessive memory allocation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24534"
},
{
"category": "external",
"summary": "RHBZ#2184483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534"
},
{
"category": "external",
"summary": "https://go.dev/issue/58975",
"url": "https://go.dev/issue/58975"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, net/textproto: denial of service from excessive memory allocation"
},
{
"cve": "CVE-2023-24536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184482"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses Go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not-affected.\n* The CVE refers to multipart form parsing routine mime/multipart.Reader.ReadForm, which is not used in Grafana, hence it is not-affected.\n* Butane does not parse multipart forms, hence, it is also not-affected.\nRedhat has marked this vulnerability as moderate as this vulnerability could lead to a potential denial of service when all the resource of a system is consumed which is technically not a clear case of denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24536"
},
{
"category": "external",
"summary": "RHBZ#2184482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536"
},
{
"category": "external",
"summary": "https://go.dev/issue/59153",
"url": "https://go.dev/issue/59153"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption"
},
{
"cve": "CVE-2023-24537",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184484"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: Infinite loop in parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Moderate because it allows denial of service condition in Go\u2019s source code parser when processing specially crafted input containing //line directives with excessively large line numbers. Exploitation can cause the parser to enter an infinite loop, consuming CPU resources and rendering services unresponsive. While this issue does not permit code execution or data access, it poses a significant availability impact for systems processing untrusted Go source input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24537"
},
{
"category": "external",
"summary": "RHBZ#2184484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/59180",
"url": "https://github.com/golang/go/issues/59180"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "To mitigate this issue, upgrade Go to version 1.19.8, 1.20.3, or later, where the vulnerability has been addressed.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: Infinite loop in parsing"
},
{
"cve": "CVE-2023-24538",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2023-04-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2184481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: backticks not treated as string delimiters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The described issue involving Go templates and JavaScript template literals poses a moderate severity rather than an important one due to several mitigating factors. Firstly, the vulnerability requires specific conditions to be met: the presence of Go templates within JavaScript template literals. This limits the scope of affected codebases, reducing the likelihood of exploitation. Additionally, the decision to disallow such interactions in future releases of Go indicates a proactive approach to addressing the issue. Furthermore, the affected packages or components within Red Hat Enterprise Linux, such as Conmon, Grafana, and the RHC package, have been assessed and determined not to be impacted due to their specific usage patterns. So the limited scope of affected systems and the absence of exploitation vectors in specific components within Red Hat Enterprise Linux contribute to categorizing the severity of the issue as moderate.\n\nFor Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* The rhc package do not make use of html/template. Hence, it is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24538"
},
{
"category": "external",
"summary": "RHBZ#2184481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/59234",
"url": "https://github.com/golang/go/issues/59234"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
"url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
}
],
"release_date": "2023-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: backticks not treated as string delimiters"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5964"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.2:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5965
Vulnerability from csaf_redhat - Published: 2023-10-20 14:54 - Updated: 2026-07-01 05:36A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — | ||
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.2.5 (Train).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5965",
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5965.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) security update",
"tracking": {
"current_release_date": "2026-07-01T05:36:57+00:00",
"generator": {
"date": "2026-07-01T05:36:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:5965",
"initial_release_date": "2023-10-20T14:54:26+00:00",
"revision_history": [
{
"date": "2023-10-20T14:54:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:54:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T05:36:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.src",
"product_id": "etcd-0:3.3.23-15.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product": {
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product_id": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest@1.4.1-2.20230111145026.f7718ef.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.4.1-2.20230111145026.f7718ef.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.4.1-2.20230111145026.f7718ef.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product": {
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product_id": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest@1.4.1-2.20230111145026.f7718ef.el8ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src"
},
"product_reference": "python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch"
},
"product_reference": "python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29406",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2023-07-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2222167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: insufficient sanitization of Host header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "RHBZ#2222167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
"url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
}
],
"release_date": "2023-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: insufficient sanitization of Host header"
},
{
"cve": "CVE-2023-29409",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-08-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2228743"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29409"
},
{
"category": "external",
"summary": "RHBZ#2228743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
},
{
"category": "external",
"summary": "https://go.dev/cl/515257",
"url": "https://go.dev/cl/515257"
},
{
"category": "external",
"summary": "https://go.dev/issue/61460",
"url": "https://go.dev/issue/61460"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
"url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1987",
"url": "https://pkg.go.dev/vuln/GO-2023-1987"
}
],
"release_date": "2023-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
},
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:54:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5965"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.2:python-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.src",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python-octavia-tests-tempest-debugsource-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-0:1.4.1-2.20230111145026.f7718ef.el8ost.noarch",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.ppc64le",
"8Base-RHOS-16.2:python3-octavia-tests-tempest-golang-debuginfo-0:1.4.1-2.20230111145026.f7718ef.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
RHSA-2023:5967
Vulnerability from csaf_redhat - Published: 2023-10-20 14:51 - Updated: 2026-07-01 05:36A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — |
Workaround
|
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for collectd-libpod-stats and etcd is now available\nfor Red Hat OpenStack Platform 16.1.9 (Train).\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5967",
"url": "https://access.redhat.com/errata/RHSA-2023:5967"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5967.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) security update",
"tracking": {
"current_release_date": "2026-07-01T05:36:57+00:00",
"generator": {
"date": "2026-07-01T05:36:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2023:5967",
"initial_release_date": "2023-10-20T14:51:43+00:00",
"revision_history": [
{
"date": "2023-10-20T14:51:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-10-20T14:51:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T05:36:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.1",
"product": {
"name": "Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.src",
"product_id": "etcd-0:3.3.23-15.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"product": {
"name": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"product_id": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-15.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product_id": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/collectd-libpod-stats@1.0.4-5.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product": {
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_id": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-octavia-tests-tempest-debugsource@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_id": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest-golang-debuginfo@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"product": {
"name": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"product_id": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-octavia-tests-tempest@1.3.0-1.20210528004838.0ae7f10.el8ost?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64"
},
"product_reference": "collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src"
},
"product_reference": "python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
},
"product_reference": "python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch"
},
"product_reference": "python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
},
"product_reference": "python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"known_not_affected": [
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5967"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2242803"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "RHBZ#2242803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://github.com/dotnet/announcements/issues/277",
"url": "https://github.com/dotnet/announcements/issues/277"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
},
{
"category": "external",
"summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-10-20T14:51:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5967"
},
{
"category": "workaround",
"details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.ppc64le",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.src",
"8Base-RHOS-16.1:collectd-libpod-stats-0:1.0.4-5.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-15.el8ost.x86_64",
"8Base-RHOS-16.1:python-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.src",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python-octavia-tests-tempest-debugsource-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-0:1.3.0-1.20210528004838.0ae7f10.el8ost.noarch",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.ppc64le",
"8Base-RHOS-16.1:python3-octavia-tests-tempest-golang-debuginfo-0:1.3.0-1.20210528004838.0ae7f10.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-10-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.