CVE-2024-22195 (GCVE-0-2024-22195)
Vulnerability from cvelistv5 – Published: 2024-01-11 02:25 – Updated: 2025-11-03 21:53 – CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:53:45.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"
},
{
"name": "https://github.com/pallets/jinja/releases/tag/3.1.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/pallets/jinja/releases/tag/3.1.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T19:50:04.135839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:16.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jinja",
"vendor": "pallets",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-27T03:06:22.076Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"
},
{
"name": "https://github.com/pallets/jinja/releases/tag/3.1.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pallets/jinja/releases/tag/3.1.3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/"
}
],
"source": {
"advisory": "GHSA-h5c8-rqwp-cp95",
"discovery": "UNKNOWN"
},
"title": "Jinja vulnerable to Cross-Site Scripting (XSS)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22195",
"datePublished": "2024-01-11T02:25:44.239Z",
"dateReserved": "2024-01-08T04:59:27.371Z",
"dateUpdated": "2025-11-03T21:53:45.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-22195",
"date": "2026-06-06",
"epss": "0.00151",
"percentile": "0.35484"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-22195\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-01-11T03:15:11.200\",\"lastModified\":\"2025-11-03T22:16:46.677\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.\"},{\"lang\":\"es\",\"value\":\"Jinja es un motor de plantillas extensible. Los marcadores de posici\u00f3n especiales en la plantilla permiten escribir c\u00f3digo similar a la sintaxis de Python. Es posible inyectar atributos HTML arbitrarios en la plantilla HTML renderizada, lo que podr\u00eda generar cross site scripting (XSS). Se puede abusar del filtro Jinja `xmlattr` para inyectar claves y valores de atributos HTML arbitrarios, evitando el mecanismo de escape autom\u00e1tico y potencialmente conduciendo a XSS. 
Tambi\u00e9n es posible omitir las comprobaciones de validaci\u00f3n de atributos si est\u00e1n basadas en listas negras.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.3\",\"matchCriteriaId\":\"9DAFDD87-5F1B-4485-9393-7FCA343D18DD\"}]}]}],\"references\":[{\"url\":\"https://github.com/pallets/jinja/releases/tag/3.1.3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pallets/jinja/releases/tag/3.1.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\", \"name\": \"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/pallets/jinja/releases/tag/3.1.3\", \"name\": \"https://github.com/pallets/jinja/releases/tag/3.1.3\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/12/msg00009.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:53:45.551Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22195\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-11T19:50:04.135839Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-17T21:07:00.209Z\"}}], \"cna\": {\"title\": \"Jinja vulnerable to Cross-Site Scripting (XSS)\", \"source\": {\"advisory\": 
\"GHSA-h5c8-rqwp-cp95\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pallets\", \"product\": \"jinja\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.1.3\"}]}], \"references\": [{\"url\": \"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\", \"name\": \"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pallets/jinja/releases/tag/3.1.3\", \"name\": \"https://github.com/pallets/jinja/releases/tag/3.1.3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). 
The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-01-27T03:06:22.076Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-22195\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:53:45.551Z\", \"dateReserved\": \"2024-01-08T04:59:27.371Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-01-11T02:25:44.239Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2024:3102
Vulnerability from csaf_redhat - Published: 2024-05-22 09:46 - Updated: 2026-06-02 15:08 – A cross-site scripting (XSS) flaw was found in Jinja2 because its xmlattr filter accepts keys containing spaces, contrary to XML/HTML attribute standards. If an application accepts user-supplied keys and renders them for other users, an attacker can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python-jinja2 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. \n\nSecurity Fix(es):\n\n* jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3102",
"url": "https://access.redhat.com/errata/RHSA-2024:3102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index"
},
{
"category": "external",
"summary": "2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3102.json"
}
],
"title": "Red Hat Security Advisory: python-jinja2 security update",
"tracking": {
"current_release_date": "2026-06-02T15:08:51+00:00",
"generator": {
"date": "2026-06-02T15:08:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:3102",
"initial_release_date": "2024-05-22T09:46:54+00:00",
"revision_history": [
{
"date": "2024-05-22T09:46:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-22T09:46:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:08:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-jinja2-0:2.10.1-4.el8.src",
"product": {
"name": "python-jinja2-0:2.10.1-4.el8.src",
"product_id": "python-jinja2-0:2.10.1-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-jinja2@2.10.1-4.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-jinja2-0:2.10.1-4.el8.noarch",
"product": {
"name": "python3-jinja2-0:2.10.1-4.el8.noarch",
"product_id": "python3-jinja2-0:2.10.1-4.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-jinja2@2.10.1-4.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-jinja2-0:2.10.1-4.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:python-jinja2-0:2.10.1-4.el8.src"
},
"product_reference": "python-jinja2-0:2.10.1-4.el8.src",
"relates_to_product_reference": "AppStream-8.10.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-jinja2-0:2.10.1-4.el8.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.GA:python3-jinja2-0:2.10.1-4.el8.noarch"
},
"product_reference": "python3-jinja2-0:2.10.1-4.el8.noarch",
"relates_to_product_reference": "AppStream-8.10.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22195",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-01-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2257854"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified issue is classified as moderate due to a cross-site scripting (XSS) vulnerability in Jinja2. This flaw arises from the xmlattr filter, which permits keys with spaces, contrary to XML/HTML attribute standards. In scenarios where an application accepts user-input keys and renders them for other users, attackers can exploit this vulnerability to inject additional attributes, potentially resulting in XSS attacks. The misuse of the xmlattr filter facilitates the injection of arbitrary HTML attributes, allowing attackers to bypass auto-escaping mechanisms and potentially evade attribute validation checks, posing a moderate security risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.GA:python-jinja2-0:2.10.1-4.el8.src",
"AppStream-8.10.0.GA:python3-jinja2-0:2.10.1-4.el8.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "RHBZ#2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.3",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.3"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"
}
],
"release_date": "2024-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T09:46:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all applications using Jinja2 must be restarted.",
"product_ids": [
"AppStream-8.10.0.GA:python-jinja2-0:2.10.1-4.el8.src",
"AppStream-8.10.0.GA:python3-jinja2-0:2.10.1-4.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.GA:python-jinja2-0:2.10.1-4.el8.src",
"AppStream-8.10.0.GA:python3-jinja2-0:2.10.1-4.el8.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.GA:python-jinja2-0:2.10.1-4.el8.src",
"AppStream-8.10.0.GA:python3-jinja2-0:2.10.1-4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter"
}
]
}
RHSA-2024:3927
Vulnerability from csaf_redhat - Published: 2024-06-13 14:24 - Updated: 2026-06-06 13:06 – A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol. A client can repeatedly request a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server in setting up and tearing down the streams while never reaching the server-side limit on the maximum number of active streams per connection, resulting in a denial of service through server resource consumption. Red Hat has rated the severity of this flaw as 'Important' because the US Cybersecurity and Infrastructure Security Agency (CISA) has declared this vulnerability to be actively exploited. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x | — |
Vendor Fix
fix
Workaround
|
A cross-site scripting (XSS) flaw was found in Jinja2 because its xmlattr filter accepts keys containing spaces, contrary to XML/HTML attribute standards. If an application accepts user-supplied keys and renders them for other users, an attacker can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new container image for Red Hat Ceph Storage 7.1 is now available in the\nRed Hat Ecosystem Catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 7.0 and Red Hat Enterprise Linux 9.2.\n\nSpace precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7.1/html/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from\nthe Red Hat Ecosystem catalog, which provides numerous enhancements and bug\nfixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3927",
"url": "https://access.redhat.com/errata/RHSA-2024:3927"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39325",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-22195",
"url": "https://access.redhat.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "2268114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268114"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3927.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage 7.1 container image security, and bug fix update",
"tracking": {
"current_release_date": "2026-06-06T13:06:01+00:00",
"generator": {
"date": "2026-06-06T13:06:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2024:3927",
"initial_release_date": "2024-06-13T14:24:58+00:00",
"revision_history": [
{
"date": "2024-06-13T14:24:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-06-13T14:24:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-06T13:06:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 7.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:7.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"product": {
"name": "rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"product_id": "rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/ceph-nvmeof-cli-rhel9\u0026tag=1.2.13-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"product": {
"name": "rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"product_id": "rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/ceph-nvmeof-rhel9\u0026tag=1.2.13-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"product_id": "rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=10.4.0-9"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-20"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-28"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"product_id": "rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-385"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-21"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-67"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"product": {
"name": "rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"product_id": "rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/ceph-nvmeof-cli-rhel9\u0026tag=1.2.13-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"product": {
"name": "rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"product_id": "rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/ceph-nvmeof-rhel9\u0026tag=1.2.13-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"product": {
"name": "rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"product_id": "rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=10.4.0-9"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-20"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-28"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"product_id": "rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-385"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-21"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-67"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"product": {
"name": "rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"product_id": "rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=10.4.0-9"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-20"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v2.4.0-28"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"product": {
"name": "rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"product_id": "rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=7-385"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-21"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-67"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le"
},
"product_reference": "rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64"
},
"product_reference": "rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le"
},
"product_reference": "rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64"
},
"product_reference": "rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le"
},
"product_reference": "rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x"
},
"product_reference": "rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x"
},
"product_reference": "rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64 as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x as a component of Red Hat Ceph Storage 7.1 Tools",
"product_id": "9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x",
"relates_to_product_reference": "9Base-RHCEPH-7.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39325",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2243296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "RHBZ#2243296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
},
{
"category": "external",
"summary": "RHSB-2023-003",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
"url": "https://access.redhat.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "https://go.dev/issue/63417",
"url": "https://go.dev/issue/63417"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2102",
"url": "https://pkg.go.dev/vuln/GO-2023-2102"
},
{
"category": "external",
"summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
"url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
}
],
"release_date": "2023-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-13T14:24:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3927"
},
{
"category": "workaround",
"details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
},
{
"cve": "CVE-2024-22195",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-01-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2257854"
}
],
"notes": [
{
"category": "description",
"text": "A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. This misuse of the xmlattr filter enables the injection of arbitrary HTML attributes, bypassing auto-escaping and potentially circumventing attribute validation checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified issue is classified as moderate due to a cross-site scripting (XSS) vulnerability in Jinja2. This flaw arises from the xmlattr filter, which permits keys with spaces, contrary to XML/HTML attribute standards. In scenarios where an application accepts user-input keys and renders them for other users, attackers can exploit this vulnerability to inject additional attributes, potentially resulting in XSS attacks. The misuse of the xmlattr filter facilitates the injection of arbitrary HTML attributes, allowing attackers to bypass auto-escaping mechanisms and potentially evade attribute validation checks, posing a moderate security risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "RHBZ#2257854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22195"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.3",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.3"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"
}
],
"release_date": "2024-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-06-13T14:24:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3927"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/ceph-nvmeof-rhel9@sha256:345c8760bbbe70b3b992b97ac40d6160e9c55634931a397bb226764ac9dfcb6a_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/grafana-rhel9@sha256:bca988c20c1cc1f0ceb98e44907089ed7e21188c9e928130d32d201ca8f06b37_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:17bbf30b0bf19f3120f0732f1818c55266a5beb1bd36a7d67da1a3fd2bbc8886_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:461ebba0a5b67ae0f95e8a6160de6e68bfdd868bb747df3f77f722ba25edc10e_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-7-rhel9@sha256:dec6015491862315e776ca9397bd0a13b10657e00ed8390367477f1231509ea3_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:405b6e55259c0f8eaca8034f1369cf388e19ba0ec3da3eaea52d23aab7034de1_s390x",
"9Base-RHCEPH-7.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:eadeedfaa124d2ae3cdd5e42180aa17296c555bd231ddd37c89955dd51ff8e39_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64",
"9Base-RHCEPH-7.1-Tools:rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jinja2: HTML attribute injection when passing user input as keys to xmlattr filter"
}
]
}
SUSE-SU-2024:1863-1
Vulnerability from csaf_suse - Published: 2024-05-30 12:18 - Updated: 2024-05-30 12:18

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python-Jinja2-vim-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Jinja2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Jinja2 fixes the following issues:\n\n- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1863,SUSE-SLE-Micro-5.3-2024-1863,SUSE-SLE-Micro-5.4-2024-1863,SUSE-SLE-Micro-5.5-2024-1863,SUSE-SLE-Module-Basesystem-15-SP5-2024-1863,SUSE-SLE-Module-Basesystem-15-SP6-2024-1863,SUSE-SUSE-MicroOS-5.1-2024-1863,SUSE-SUSE-MicroOS-5.2-2024-1863,openSUSE-Leap-Micro-5.3-2024-1863,openSUSE-Leap-Micro-5.4-2024-1863,openSUSE-SLE-15.5-2024-1863",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1863-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1863-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241863-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1863-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019260.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218722",
"url": "https://bugzilla.suse.com/1218722"
},
{
"category": "self",
"summary": "SUSE Bug 1223980",
"url": "https://bugzilla.suse.com/1223980"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22195 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34064/"
}
],
"title": "Security update for python-Jinja2",
"tracking": {
"current_release_date": "2024-05-30T12:18:35Z",
"generator": {
"date": "2024-05-30T12:18:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1863-1",
"initial_release_date": "2024-05-30T12:18:35Z",
"revision_history": [
{
"date": "2024-05-30T12:18:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"product": {
"name": "python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"product_id": "python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"product": {
"name": "python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"product_id": "python-Jinja2-vim-2.10.1-150000.3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-Jinja2-2.10.1-150000.3.13.1.noarch",
"product": {
"name": "python2-Jinja2-2.10.1-150000.3.13.1.noarch",
"product_id": "python2-Jinja2-2.10.1-150000.3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"product": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"product_id": "python3-Jinja2-2.10.1-150000.3.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.4",
"product": {
"name": "openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of openSUSE Leap Micro 5.4",
"product_id": "openSUSE Leap Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Jinja2-vim-2.10.1-150000.3.13.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python-Jinja2-vim-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22195"
}
],
"notes": [
{
"category": "general",
"text": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22195",
"url": "https://www.suse.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "SUSE Bug 1218722 for CVE-2024-22195",
"url": "https://bugzilla.suse.com/1218722"
},
{
"category": "external",
"summary": "SUSE Bug 1223980 for CVE-2024-22195",
"url": "https://bugzilla.suse.com/1223980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update, use the SUSE-recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-30T12:18:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-34064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34064"
}
],
"notes": [
{
"category": "general",
"text": "Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `\u003e`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34064",
"url": "https://www.suse.com/security/cve/CVE-2024-34064"
},
{
"category": "external",
"summary": "SUSE Bug 1223980 for CVE-2024-34064",
"url": "https://bugzilla.suse.com/1223980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update, use the SUSE-recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap 15.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.3:python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"openSUSE Leap Micro 5.4:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-30T12:18:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-34064"
}
]
}
SUSE-SU-2024:1863-2
Vulnerability from csaf_suse - Published: 2024-05-30 12:18 - Updated: 2024-05-30 12:18

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Jinja2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Jinja2 fixes the following issues:\n\n- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1863,SUSE-SLE-Micro-5.5-2024-1863",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1863-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1863-2",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241863-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1863-2",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-July/035963.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218722",
"url": "https://bugzilla.suse.com/1218722"
},
{
"category": "self",
"summary": "SUSE Bug 1223980",
"url": "https://bugzilla.suse.com/1223980"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22195 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34064/"
}
],
"title": "Security update for python-Jinja2",
"tracking": {
"current_release_date": "2024-05-30T12:18:53Z",
"generator": {
"date": "2024-05-30T12:18:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1863-2",
"initial_release_date": "2024-05-30T12:18:53Z",
"revision_history": [
{
"date": "2024-05-30T12:18:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"product": {
"name": "python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch",
"product_id": "python-Jinja2-emacs-2.10.1-150000.3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"product": {
"name": "python-Jinja2-vim-2.10.1-150000.3.13.1.noarch",
"product_id": "python-Jinja2-vim-2.10.1-150000.3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-Jinja2-2.10.1-150000.3.13.1.noarch",
"product": {
"name": "python2-Jinja2-2.10.1-150000.3.13.1.noarch",
"product_id": "python2-Jinja2-2.10.1-150000.3.13.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"product": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"product_id": "python3-Jinja2-2.10.1-150000.3.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-Jinja2-2.10.1-150000.3.13.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
},
"product_reference": "python3-Jinja2-2.10.1-150000.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22195"
}
],
"notes": [
{
"category": "general",
"text": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22195",
"url": "https://www.suse.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "SUSE Bug 1218722 for CVE-2024-22195",
"url": "https://bugzilla.suse.com/1218722"
},
{
"category": "external",
"summary": "SUSE Bug 1223980 for CVE-2024-22195",
"url": "https://bugzilla.suse.com/1223980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-30T12:18:53Z",
"details": "moderate"
}
],
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-34064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34064"
}
],
"notes": [
{
"category": "general",
"text": "Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `\u003e`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34064",
"url": "https://www.suse.com/security/cve/CVE-2024-34064"
},
{
"category": "external",
"summary": "SUSE Bug 1223980 for CVE-2024-34064",
"url": "https://bugzilla.suse.com/1223980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:python3-Jinja2-2.10.1-150000.3.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-30T12:18:53Z",
"details": "moderate"
}
],
"title": "CVE-2024-34064"
}
]
}
SUSE-SU-2024:1864-1
Vulnerability from csaf_suse - Published: 2024-05-30 12:19 - Updated: 2024-05-30 12:19
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Jinja2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Jinja2 fixes the following issues:\n\n- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1864,SUSE-SLE-Module-Python3-15-SP5-2024-1864,SUSE-SLE-Module-Python3-15-SP6-2024-1864,openSUSE-SLE-15.5-2024-1864,openSUSE-SLE-15.6-2024-1864",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1864-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1864-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241864-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1864-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019259.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218722",
"url": "https://bugzilla.suse.com/1218722"
},
{
"category": "self",
"summary": "SUSE Bug 1223980",
"url": "https://bugzilla.suse.com/1223980"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22195 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34064/"
}
],
"title": "Security update for python-Jinja2",
"tracking": {
"current_release_date": "2024-05-30T12:19:23Z",
"generator": {
"date": "2024-05-30T12:19:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1864-1",
"initial_release_date": "2024-05-30T12:19:23Z",
"revision_history": [
{
"date": "2024-05-30T12:19:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"product": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"product_id": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Jinja2-3.1.2-150400.12.6.1.i586",
"product": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.i586",
"product_id": "python311-Jinja2-3.1.2-150400.12.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"product": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"product_id": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"product": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"product_id": "python311-Jinja2-3.1.2-150400.12.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"product": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"product_id": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.s390x as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64 as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
},
"product_reference": "python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22195"
}
],
"notes": [
{
"category": "general",
"text": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22195",
"url": "https://www.suse.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "SUSE Bug 1218722 for CVE-2024-22195",
"url": "https://bugzilla.suse.com/1218722"
},
{
"category": "external",
"summary": "SUSE Bug 1223980 for CVE-2024-22195",
"url": "https://bugzilla.suse.com/1223980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-30T12:19:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-34064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34064"
}
],
"notes": [
{
"category": "general",
"text": "Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `\u003e`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34064",
"url": "https://www.suse.com/security/cve/CVE-2024-34064"
},
{
"category": "external",
"summary": "SUSE Bug 1223980 for CVE-2024-34064",
"url": "https://bugzilla.suse.com/1223980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.5:python311-Jinja2-3.1.2-150400.12.6.1.x86_64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.aarch64",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.ppc64le",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.s390x",
"openSUSE Leap 15.6:python311-Jinja2-3.1.2-150400.12.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-05-30T12:19:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-34064"
}
]
}
SUSE-SU-2025:20035-1
Vulnerability from csaf_suse - Published: 2025-02-03 08:53 - Updated: 2025-02-03 08:53
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-Jinja2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-Jinja2 fixes the following issues:\n\n- CVE-2024-34064, CVE-2024-22195: HTML attribute injection when passing user input as keys to xmlattr filter (bsc#1223980, bsc#1218722)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-37",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20035-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20035-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520035-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20035-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021356.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218722",
"url": "https://bugzilla.suse.com/1218722"
},
{
"category": "self",
"summary": "SUSE Bug 1223980",
"url": "https://bugzilla.suse.com/1223980"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22195 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34064 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34064/"
}
],
"title": "Security update for python-Jinja2",
"tracking": {
"current_release_date": "2025-02-03T08:53:00Z",
"generator": {
"date": "2025-02-03T08:53:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20035-1",
"initial_release_date": "2025-02-03T08:53:00Z",
"revision_history": [
{
"date": "2025-02-03T08:53:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-Jinja2-3.1.2-6.1.aarch64",
"product": {
"name": "python311-Jinja2-3.1.2-6.1.aarch64",
"product_id": "python311-Jinja2-3.1.2-6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Jinja2-3.1.2-6.1.s390x",
"product": {
"name": "python311-Jinja2-3.1.2-6.1.s390x",
"product_id": "python311-Jinja2-3.1.2-6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Jinja2-3.1.2-6.1.x86_64",
"product": {
"name": "python311-Jinja2-3.1.2-6.1.x86_64",
"product_id": "python311-Jinja2-3.1.2-6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-6.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64"
},
"product_reference": "python311-Jinja2-3.1.2-6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-6.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x"
},
"product_reference": "python311-Jinja2-3.1.2-6.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Jinja2-3.1.2-6.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64"
},
"product_reference": "python311-Jinja2-3.1.2-6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22195"
}
],
"notes": [
{
"category": "general",
"text": "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22195",
"url": "https://www.suse.com/security/cve/CVE-2024-22195"
},
{
"category": "external",
"summary": "SUSE Bug 1218722 for CVE-2024-22195",
"url": "https://bugzilla.suse.com/1218722"
},
{
"category": "external",
"summary": "SUSE Bug 1223980 for CVE-2024-22195",
"url": "https://bugzilla.suse.com/1223980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:53:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-34064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34064"
}
],
"notes": [
{
"category": "general",
"text": "Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `\u003e`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34064",
"url": "https://www.suse.com/security/cve/CVE-2024-34064"
},
{
"category": "external",
"summary": "SUSE Bug 1223980 for CVE-2024-34064",
"url": "https://bugzilla.suse.com/1223980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.aarch64",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.s390x",
"SUSE Linux Micro 6.0:python311-Jinja2-3.1.2-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:53:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-34064"
}
]
}
WID-SEC-W-2024-0522
Vulnerability from csaf_certbund - Published: 2024-02-29 23:00 - Updated: 2025-07-24 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat Ansible Automation Platform 2.4
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.4
|
2.4 | |
|
Red Hat Ansible Automation Platform <2.4
Red Hat / Ansible Automation Platform
|
<2.4 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Dateien zu manipulieren, Phishing-Angriffe durchzuf\u00fchren oder Cross-Site Scripting (XSS)-Angriffe auszuf\u00fchren. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um sie erfolgreich auszunutzen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0522 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0522.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0522 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0522"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1057 vom 2024-02-29",
"url": "https://access.redhat.com/errata/RHSA-2024:1057"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1072 vom 2024-03-04",
"url": "https://access.redhat.com/errata/RHSA-2024:1072"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1155 vom 2024-03-06",
"url": "https://access.redhat.com/errata/RHSA-2024:1155"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1536 vom 2024-03-27",
"url": "https://access.redhat.com/errata/RHSA-2024:1536"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1640 vom 2024-04-02",
"url": "https://access.redhat.com/errata/RHSA-2024:1640"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-5FC8709AA5 vom 2024-04-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5fc8709aa5"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1878"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2348 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2348"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3927 vom 2024-06-14",
"url": "https://access.redhat.com/errata/RHSA-2024:3927"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-645 vom 2024-07-02",
"url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-645.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-644 vom 2024-07-02",
"url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-644.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-11 vom 2024-08-07",
"url": "https://security.gentoo.org/glsa/202408-11"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5828 vom 2024-12-12",
"url": "https://security-tracker.debian.org/tracker/DSA-5828-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"source_lang": "en-US",
"title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-24T22:00:00.000+00:00",
"generator": {
"date": "2025-07-25T07:16:55.501+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-0522",
"initial_release_date": "2024-02-29T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-29T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-04T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-27T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-02T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-11T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-07-24T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "13"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
}
],
"category": "product_name",
"name": "MQ"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.4",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4",
"product_id": "1496312",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.4",
"product": {
"name": "Red Hat Ansible Automation Platform \u003c2.4",
"product_id": "T033201"
}
},
{
"category": "product_version",
"name": "2.4",
"product": {
"name": "Red Hat Ansible Automation Platform 2.4",
"product_id": "T033201-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.4"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40896",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2022-40896"
},
{
"cve": "CVE-2023-44271",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-44271"
},
{
"cve": "CVE-2023-47627",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-47627"
},
{
"cve": "CVE-2023-49081",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-49081"
},
{
"cve": "CVE-2023-49082",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-49082"
},
{
"cve": "CVE-2023-52323",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2023-52323"
},
{
"cve": "CVE-2024-1657",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2024-1657"
},
{
"cve": "CVE-2024-22195",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-24680",
"product_status": {
"known_affected": [
"2951",
"67646",
"398363",
"T012167",
"T036688",
"1496312",
"T033201",
"74185"
]
},
"release_date": "2024-02-29T23:00:00.000+00:00",
"title": "CVE-2024-24680"
}
]
}
WID-SEC-W-2024-0949
Vulnerability from csaf_certbund - Published: 2024-04-23 22:00 - Updated: 2025-07-24 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Satellite <6.15.0
Red Hat / Satellite
|
<6.15.0 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Satellite dient als zentrale Stelle f\u00fcr das Management und die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.\r\nRed Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Satellite ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, HTTP-Request-Smuggling-Angriffe durchzuf\u00fchren oder Phishing- und Cross-Site-Scripting (XSS)-Angriffe auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0949 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0949.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0949 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0949"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-04-23",
"url": "https://access.redhat.com/errata/RHSA-2024:2010"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-9E55564CA7 vom 2024-09-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-9e55564ca7"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-BC19D8CC99 vom 2024-11-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-bc19d8cc99"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"source_lang": "en-US",
"title": "Red Hat Satellite: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-24T22:00:00.000+00:00",
"generator": {
"date": "2025-07-25T07:16:55.888+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-0949",
"initial_release_date": "2024-04-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-07-24T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
}
],
"category": "product_name",
"name": "MQ"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "T034361",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.15.0",
"product": {
"name": "Red Hat Satellite \u003c6.15.0",
"product_id": "T034380"
}
},
{
"category": "product_version",
"name": "6.15.0",
"product": {
"name": "Red Hat Satellite 6.15.0",
"product_id": "T034380-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.15.0"
}
}
}
],
"category": "product_name",
"name": "Satellite"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-40896",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2022-40896"
},
{
"cve": "CVE-2023-36479",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-36479"
},
{
"cve": "CVE-2023-37276",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-37276"
},
{
"cve": "CVE-2023-38037",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-38037"
},
{
"cve": "CVE-2023-40167",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-40167"
},
{
"cve": "CVE-2023-41164",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-41164"
},
{
"cve": "CVE-2023-4320",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-4320"
},
{
"cve": "CVE-2023-43665",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-43665"
},
{
"cve": "CVE-2023-47627",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-47627"
},
{
"cve": "CVE-2023-49081",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-49081"
},
{
"cve": "CVE-2023-49082",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-49082"
},
{
"cve": "CVE-2023-5189",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-5189"
},
{
"cve": "CVE-2023-52323",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2023-52323"
},
{
"cve": "CVE-2024-21647",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2024-21647"
},
{
"cve": "CVE-2024-22047",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2024-22047"
},
{
"cve": "CVE-2024-22195",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-23334",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2024-23334"
},
{
"cve": "CVE-2024-23829",
"product_status": {
"known_affected": [
"T034380",
"T034361",
"T036688",
"74185"
]
},
"release_date": "2024-04-23T22:00:00.000+00:00",
"title": "CVE-2024-23829"
}
]
}
WID-SEC-W-2024-1003
Vulnerability from csaf_certbund - Published: 2024-05-01 22:00 - Updated: 2025-09-16 22:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Spectrum Protect Plus <10.1.17
IBM / Spectrum Protect Plus
|
<10.1.17 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat Enterprise Linux <9
Red Hat / Enterprise Linux
|
<9 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, Dateien zu manipulieren, Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren oder einen Man-in-the-Middle-Angriff auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1003 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1003.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1003 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1003"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2119"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2132"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2437"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2559"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-05-01",
"url": "https://access.redhat.com/errata/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2559 vom 2024-05-07",
"url": "https://linux.oracle.com/errata/ELSA-2024-2559.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2566 vom 2024-05-09",
"url": "https://linux.oracle.com/errata/ELSA-2024-2566.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2988 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2988"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2968 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2968"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2961 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2961"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2952 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2952"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3102 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2987 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2987"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3267 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3267"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3264 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:3264"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3321 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3321"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3322 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3322"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3323 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3324 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3324"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3325 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3325"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2987 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2987.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3392 vom 2024-05-28",
"url": "https://access.redhat.com/errata/RHSA-2024:3392"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2961 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2961.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3264 vom 2024-05-30",
"url": "http://linux.oracle.com/errata/ELSA-2024-3264.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-3267 vom 2024-06-01",
"url": "https://linux.oracle.com/errata/ELSA-2024-3267.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4522 vom 2024-07-12",
"url": "https://access.redhat.com/errata/RHSA-2024:4522"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3976-1 vom 2024-11-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019809.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11189 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11189"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11238 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11238"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-11238 vom 2024-12-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-11238.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0078 vom 2025-01-08",
"url": "https://access.redhat.com/errata/RHSA-2025:0078"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1793 vom 2025-02-25",
"url": "https://access.redhat.com/errata/RHSA-2025:1793"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1813 vom 2025-02-25",
"url": "https://access.redhat.com/errata/RHSA-2025:1813"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2763 vom 2025-02-25",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2763.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7230557 vom 2025-04-10",
"url": "https://www.ibm.com/support/pages/node/7230557"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7240431"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03233-1 vom 2025-09-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZZVWJEPKVYRNPHIHU4HAZXJJSW7AFWHY/"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-16T22:00:00.000+00:00",
"generator": {
"date": "2025-09-17T08:06:13.454+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-1003",
"initial_release_date": "2024-05-01T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-22T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-12-16T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-19T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-24T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-25T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-04-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-07-24T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-09-16T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.17",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.17",
"product_id": "T042730"
}
},
{
"category": "product_version",
"name": "10.1.17",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.17",
"product_id": "T042730-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.17"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9",
"product": {
"name": "Red Hat Enterprise Linux \u003c9",
"product_id": "T030284"
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T030284-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45803",
"product_status": {
"known_affected": [
"T042730",
"T002207",
"67646",
"398363",
"T036688",
"T004914",
"T030284"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2023-45803"
},
{
"cve": "CVE-2024-28102",
"product_status": {
"known_affected": [
"T042730",
"T002207",
"67646",
"398363",
"T036688",
"T004914",
"T030284"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2024-28102"
},
{
"cve": "CVE-2023-52323",
"product_status": {
"known_affected": [
"T042730",
"T002207",
"67646",
"398363",
"T036688",
"T004914",
"T030284"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2023-52323"
},
{
"cve": "CVE-2024-22195",
"product_status": {
"known_affected": [
"T042730",
"T002207",
"67646",
"398363",
"T036688",
"T004914",
"T030284"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-3019",
"product_status": {
"known_affected": [
"T042730",
"T002207",
"67646",
"398363",
"T036688",
"T004914",
"T030284"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2024-3019"
},
{
"cve": "CVE-2023-45897",
"product_status": {
"known_affected": [
"T042730",
"T002207",
"67646",
"398363",
"T036688",
"T004914",
"T030284"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2023-45897"
},
{
"cve": "CVE-2024-2307",
"product_status": {
"known_affected": [
"T042730",
"T002207",
"67646",
"398363",
"T036688",
"T004914",
"T030284"
]
},
"release_date": "2024-05-01T22:00:00.000+00:00",
"title": "CVE-2024-2307"
}
]
}
WID-SEC-W-2024-1228
Vulnerability from csaf_certbund - Published: 2024-05-22 22:00 - Updated: 2025-07-24 22:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenStack <17.1
Red Hat / OpenStack
|
<17.1 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat OpenShift Container Platform <4.15.39
Red Hat / OpenShift
|
Container Platform <4.15.39 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenStack <17.1
Red Hat / OpenStack
|
<17.1 | ||
|
Red Hat OpenShift Container Platform <4.12.72
Red Hat / OpenShift
|
Container Platform <4.12.72 | ||
|
IBM MQ Operator
IBM / MQ
|
cpe:/a:ibm:mq:operator
|
Operator | |
|
Red Hat OpenShift Container Platform <4.15.39
Red Hat / OpenShift
|
Container Platform <4.15.39 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenStack ist eine Sammlung von Diensten, um Cloud-Computing in Form von Infrastructure as a Service (IaaS) bereitstellen zu k\u00f6nnen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenStack ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen und Daten zu \u00e4ndern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1228 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1228.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1228 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1228"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2727 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2727"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2729 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2729"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2730 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2730"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2767 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2767"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2731 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2731"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2732 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2732"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2733 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2733"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2734 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2734"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2735 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2735"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2768 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2768"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2736 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2736"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2770 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2770"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2737 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2737"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2769 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2769"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3352 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3327 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3327"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3331 vom 2024-05-30",
"url": "https://access.redhat.com/errata/RHSA-2024:3331"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3713 vom 2024-06-12",
"url": "https://access.redhat.com/errata/RHSA-2024:3713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4054 vom 2024-06-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4054"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10",
"url": "https://access.redhat.com/errata/RHSA-2024:7987"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06",
"url": "https://access.redhat.com/errata/RHSA-2024:8688"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07",
"url": "https://access.redhat.com/errata/RHSA-2024:8692"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10142 vom 2024-11-26",
"url": "https://access.redhat.com/errata/RHSA-2024:10142"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0832 vom 2025-02-06",
"url": "https://access.redhat.com/errata/RHSA-2025:0832"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenStack: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-07-24T22:00:00.000+00:00",
"generator": {
"date": "2025-07-25T07:16:56.800+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-1228",
"initial_release_date": "2024-05-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-06-23T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-06T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-25T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-05T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-07-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Operator",
"product": {
"name": "IBM MQ Operator",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
}
],
"category": "product_name",
"name": "MQ"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.39",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.39",
"product_id": "T039437"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.39",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.39",
"product_id": "T039437-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.39"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.72",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.72",
"product_id": "T040822"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.72",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.72",
"product_id": "T040822-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.72"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "16.2",
"product": {
"name": "Red Hat OpenStack 16.2",
"product_id": "T023999",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c17.1",
"product": {
"name": "Red Hat OpenStack \u003c17.1",
"product_id": "T031314"
}
},
{
"category": "product_version",
"name": "17.1",
"product": {
"name": "Red Hat OpenStack 17.1",
"product_id": "T031314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:17.1"
}
}
}
],
"category": "product_name",
"name": "OpenStack"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-1135",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2024-1135"
},
{
"cve": "CVE-2023-39325",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-39325"
},
{
"cve": "CVE-2023-44487",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45288",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-4438",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2024-4438"
},
{
"cve": "CVE-2023-39326",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-39326"
},
{
"cve": "CVE-2023-45287",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-45287"
},
{
"cve": "CVE-2024-1394",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2024-1394"
},
{
"cve": "CVE-2024-24680",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2024-24680"
},
{
"cve": "CVE-2024-1141",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2024-1141"
},
{
"cve": "CVE-2023-45803",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-45803"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-6725",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-6725"
},
{
"cve": "CVE-2023-6110",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2023-6110"
},
{
"cve": "CVE-2024-22195",
"product_status": {
"known_affected": [
"T023999",
"67646",
"T031314",
"T040822",
"T036688",
"T039437"
]
},
"release_date": "2024-05-22T22:00:00.000+00:00",
"title": "CVE-2024-22195"
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.