RHSA-2023:3415
Vulnerability from csaf_redhat - Published: 2023-05-31 19:38 - Updated: 2026-04-29 18:11Summary
Red Hat Security Advisory: ACS 4.0 enhancement and security update
Severity
Important
Notes
Topic: Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of RHACS 4.0.2 includes security fixes for CVE-2023-24540, CVE-2023-24539 and CVE-2023-29400 by building RHACS with updated Golang builder. If you are using an earlier version of RHACS 4.0, you are advised to upgrade to this patch release 4.0.2.
Security Issue(s) fixed:
* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.
7.3 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
8.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.
7.3 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
References
23 references
Acknowledgments
Mattermost
Juho Nurminen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.0.2 includes security fixes for CVE-2023-24540, CVE-2023-24539 and CVE-2023-29400 by building RHACS with updated Golang builder. If you are using an earlier version of RHACS 4.0, you are advised to upgrade to this patch release 4.0.2.\n\nSecurity Issue(s) fixed:\n\n* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)\n\n* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)\n\n* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3415",
"url": "https://access.redhat.com/errata/RHSA-2023:3415"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.0/release_notes/40-release-notes.html",
"url": "https://docs.openshift.com/acs/4.0/release_notes/40-release-notes.html"
},
{
"category": "external",
"summary": "2196026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
},
{
"category": "external",
"summary": "2196027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
},
{
"category": "external",
"summary": "2196029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3415.json"
}
],
"title": "Red Hat Security Advisory: ACS 4.0 enhancement and security update",
"tracking": {
"current_release_date": "2026-04-29T18:11:36+00:00",
"generator": {
"date": "2026-04-29T18:11:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:3415",
"initial_release_date": "2023-05-31T19:38:11+00:00",
"revision_history": [
{
"date": "2023-05-31T19:38:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-31T19:38:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-29T18:11:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.0 for RHEL 8",
"product": {
"name": "RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.0.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.0.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.0.2-2"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.0.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.0.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.0.2-2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.0.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.0.2-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.0.2-2"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.0.2-2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64 as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"relates_to_product_reference": "8Base-RHACS-4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le as a component of RHACS 4.0 for RHEL 8",
"product_id": "8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-24539",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196026"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a \u0027/\u0027 character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper sanitization of CSS values",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore, the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24539"
},
{
"category": "external",
"summary": "RHBZ#2196026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/59720",
"url": "https://github.com/golang/go/issues/59720"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-31T19:38:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3415"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper sanitization of CSS values"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-24540",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196027"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of JavaScript whitespace",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore the impact is low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-24540"
},
{
"category": "external",
"summary": "RHBZ#2196027",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540"
},
{
"category": "external",
"summary": "https://go.dev/issue/59721",
"url": "https://go.dev/issue/59721"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-31T19:38:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3415"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: html/template: improper handling of JavaScript whitespace"
},
{
"acknowledgments": [
{
"names": [
"Juho Nurminen"
],
"organization": "Mattermost"
}
],
"cve": "CVE-2023-29400",
"cwe": {
"id": "CWE-176",
"name": "Improper Handling of Unicode Encoding"
},
"discovery_date": "2023-05-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2196029"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of empty HTML attributes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn OpenShift Container Platform and Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users, reducing the impact to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-29400"
},
{
"category": "external",
"summary": "RHBZ#2196029",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400"
},
{
"category": "external",
"summary": "https://go.dev/issue/59722",
"url": "https://go.dev/issue/59722"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
"url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
}
],
"release_date": "2023-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-31T19:38:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3415"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:565a01da99320c02437b0bbdaffa35bc8036f09acfcb11410c8222df2a9ac0f2_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9b03aca946f78e31e1a4e0536ac5c5871df33ce1d73bde19e62f12513e1e9bfe_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-central-db-rhel8@sha256:ec389417464ad3fc8d729a1c9b73d7be39949bb7996719b03203b2cc78413376_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:14e0072862fd56196b719a1587bf54e525b7f19f6790c9009ec23dcf9a04d1a9_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:4add4b0542fc1434a8d11a785ca57244f549a4eacf492ef728193e2f63143159_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-rhel8@sha256:d67c6b1abce362da0b158c4fafb6bae1ca5070ac32ebfc9aa16be475ba223690_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:21fb603cbe41821c395b20adf95321b03a93a9eddfaa82f6abd87d181a974c39_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:64a11074a4333a50079ac98cf842c2feaa4226d5f964c171a342d252f42e4438_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:bb2e8930ec4ab4655e79a71b0ff2fbe393599cc93c01505f940f4377a7e59883_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:0efd32861819fac6fcdb611070c30efbbce1d34eaa975c48f793fd7b260d822c_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:382978f67464db840edabc8f33ec517d006712aa4b71f118fcf0dea6edaee313_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-main-rhel8@sha256:93d9310d3e4960e3b9028310b02baa0ce31ab26b1f2579a91951140ef7dcfeff_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:40407c0e28258f463e0e50c2e5d00570e2558c7b34da6c9cb44939c2dd7efba9_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:5d72b09f497d323a6e22931941efe2c3c45bd7018e84ca3e2062f1f890624e9b_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-operator-bundle@sha256:7e08088dc72f668b36f67b18c2ec2cbdb621d547f00699b3fb8d6de0ccbaec57_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:0fbd642c16e0b4e60294c288cc2e69f54bab0fff2c02556272e2f7b076cff6a8_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:44cfa2761d81d4252299f136c244a7c80c674465d718a38d11e0422e3c5414a5_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-rhel8-operator@sha256:a32d3561c4c42fe4787857b4c5743d892323c947c1f0b34ce03d3f4dd383a2f4_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:2dacc084a16471146386295bbb717aa3bf7c6f0cdd1c481fea08ec7795e04731_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:3076a8bca874bda3105218f6572ce745e8d820ad1088ecc22982efcd2f3945b7_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:feabb4aa3cd69446f4a85723d63e17db484f07c73f2f02a6562b9cc0558e3e1e_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:172e8395fd0a6515bda05645536fa9f84d80c11c3ab85643d2910db60faf40d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:728048a303c69ac524c4738808755f4cbd1a391bcbce052f9d777e97942f5959_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:f6f5c1b86e199af5beaf1820c298f21fddab68cd6adb401d674a4e1724ec457f_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:bee2c0243285c9197bdeea46a00cc15867bb439e7c2dc830e3b1501d0c87e5e3_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c4838ac12d5c6d5305d118c98ca008c47b32d5325dedb98c40b5e2a294de94d6_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:dbbfc35b869db36a8075e4476fc80d3e5020dd335618e76998c47f6501dd97cc_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:04239174dd2fcf854f3ce65b313f114e39b556ddb92e2a5a3fe807e9d315af95_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:28dda88671e98ef6c88c3bb3989021fc3650247c10514794de678f0f3822cede_ppc64le",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-rhel8@sha256:dc2bcdfa399edb9855c77f5e9f4c6baeae162234fbf136a129ff60fc1805927a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:3e7c648bbd6b1a1afe10fd3f55de41d43a3ce7f03035e7816f232db54042e65a_amd64",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:4fe44befb2fbf3e945de83ae9b5a39d85627d62e986abc9a8134a2c108e8eb08_s390x",
"8Base-RHACS-4.0:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:58dc77ff1b7cc048003e8eb6fe0ec7a7e0997de5befcbcfcf30b779fb3680e91_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of empty HTML attributes"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…