RHSA-2023:5379
Vulnerability from csaf_redhat - Published: 2023-09-28 02:59 - Updated: 2026-01-08 03:27Summary
Red Hat Security Advisory: Network Observability 1.4.0 for OpenShift
Notes
Topic
Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.
The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
Network Observability 1.4.0
Security Fix(es):
* word-wrap: Regular Expression Denial of Service (CVE-2023-26115)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.\n\nThe operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Network Observability 1.4.0\n\nSecurity Fix(es):\n\n* word-wrap: Regular Expression Denial of Service (CVE-2023-26115)\n\n* nodejs-semver: Regular expression denial of service (CVE-2022-25883)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:5379",
"url": "https://access.redhat.com/errata/RHSA-2023:5379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2216475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475"
},
{
"category": "external",
"summary": "2216827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216827"
},
{
"category": "external",
"summary": "NETOBSERV-1009",
"url": "https://issues.redhat.com/browse/NETOBSERV-1009"
},
{
"category": "external",
"summary": "NETOBSERV-1034",
"url": "https://issues.redhat.com/browse/NETOBSERV-1034"
},
{
"category": "external",
"summary": "NETOBSERV-1056",
"url": "https://issues.redhat.com/browse/NETOBSERV-1056"
},
{
"category": "external",
"summary": "NETOBSERV-1107",
"url": "https://issues.redhat.com/browse/NETOBSERV-1107"
},
{
"category": "external",
"summary": "NETOBSERV-1119",
"url": "https://issues.redhat.com/browse/NETOBSERV-1119"
},
{
"category": "external",
"summary": "NETOBSERV-1131",
"url": "https://issues.redhat.com/browse/NETOBSERV-1131"
},
{
"category": "external",
"summary": "NETOBSERV-1137",
"url": "https://issues.redhat.com/browse/NETOBSERV-1137"
},
{
"category": "external",
"summary": "NETOBSERV-1182",
"url": "https://issues.redhat.com/browse/NETOBSERV-1182"
},
{
"category": "external",
"summary": "NETOBSERV-1196",
"url": "https://issues.redhat.com/browse/NETOBSERV-1196"
},
{
"category": "external",
"summary": "NETOBSERV-1224",
"url": "https://issues.redhat.com/browse/NETOBSERV-1224"
},
{
"category": "external",
"summary": "NETOBSERV-1242",
"url": "https://issues.redhat.com/browse/NETOBSERV-1242"
},
{
"category": "external",
"summary": "NETOBSERV-1283",
"url": "https://issues.redhat.com/browse/NETOBSERV-1283"
},
{
"category": "external",
"summary": "NETOBSERV-139",
"url": "https://issues.redhat.com/browse/NETOBSERV-139"
},
{
"category": "external",
"summary": "NETOBSERV-962",
"url": "https://issues.redhat.com/browse/NETOBSERV-962"
},
{
"category": "external",
"summary": "NETOBSERV-975",
"url": "https://issues.redhat.com/browse/NETOBSERV-975"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5379.json"
}
],
"title": "Red Hat Security Advisory: Network Observability 1.4.0 for OpenShift",
"tracking": {
"current_release_date": "2026-01-08T03:27:59+00:00",
"generator": {
"date": "2026-01-08T03:27:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2023:5379",
"initial_release_date": "2023-09-28T02:59:49+00:00",
"revision_history": [
{
"date": "2023-09-28T02:59:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-09-28T02:59:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-08T03:27:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NETOBSERV 1.4 for RHEL 9",
"product": {
"name": "NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"product_id": "network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-55"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-42"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-55"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-42"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"product_id": "network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-55"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-42"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-42"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-55"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-42"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64 as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le as a component of NETOBSERV 1.4 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25883",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216475"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the \u0027new Range\u0027 function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-semver: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat Products versus NVD\u0027s High due to deployment context. The flaw in node-semver\u0027s new Range() function causes catastrophic regex backtracking on crafted input, leading to CPU exhaustion. However, exploitation requires untrusted input passed directly to the parser. So node-semver is a build-time dev dependency, not present in runtime environment in RHACM, and the functionality is additionally protected behind OAuth authentication, further limiting attack surface.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25883"
},
{
"category": "external",
"summary": "RHBZ#2216475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
"url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795",
"url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
}
],
"release_date": "2023-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-28T02:59:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5379"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-semver: Regular expression denial of service"
},
{
"cve": "CVE-2023-26115",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216827"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "word-wrap: ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26115"
},
{
"category": "external",
"summary": "RHBZ#2216827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26115",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26115"
}
],
"release_date": "2023-06-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-09-28T02:59:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:5379"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:0211283244126419a203cbca952135abd4f44dde06071344dc77400b9a868e61_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5359d3c92203cfa3eeda959c96677526e8b3cefde46f59d0548379840e3e35e6_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:a4b5cfad89aeff1cc0798caa932b59444c39b06f04d41846859476530f669ad9_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:adf7cff9e8861773f73e5d30940f25565474233029837c4d55a979a1fa926582_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:301e4df92311d658a96dae2d3ff02a2ada999de89545ef96c4ec651faf54b25f_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:5353df15da0a204e5672dfee4f95e6ad17cadb033f8ac827904d50ce01e01a5a_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:79ca8ed3d7436c87c5b7bce35da7b9aba47d8ce9367988e5b169fd46c2d816a5_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ffb45ad2a13c481c9ce6d29795c3b9182e5fe45d2ae2d48bbcfd8058e2aa3319_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:05e733ec54543d5f675ee1f6f27f644a90c9ab30f9678266921cd1c14a9554c7_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:10d863f938182620abf90b0ce533121e78f240166eee1bb62fd8134c126c88fd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6e22bcf4ce8ce50501fb2101205940e072ec2ffb7037f487c8b81a527cfc9d5a_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b58f7999d572ec7e5acef3af3d97f1ee8e20e393502df9971b8a0b0bbe886dee_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:0932d209dbfe7d611e4d2362f0ffc7c17757670b80b691c3fcd7472859ac8128_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:25dfc5ecfc1614d67a9768b8cebb58367cac16c5e541646bb2dc13d75c705bdd_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:78c28048adcd4b2df279ba3bb33dc8082d60430fb121e686d1d2774615c0454f_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e24584ac071694868f26d429505241662c0afd625fdaac6f1b9fabba52060a26_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:0ba541a7141826d6d6f2755add1fd0487ded4a0db34d74733d590d137dcf0da1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:632512065b6c3261f599a43bb9a52354bade428ddc7047f123866b8c5b09940b_arm64",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:83a93f8a7ce0baf98dac07bce26e9340be70966fa8d45132c36be38c5338237f_s390x",
"9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:f766d0fd8688450dbddd31a7d761800e59b1ad681bda11e2ed26efe7403e8ec0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "word-wrap: ReDoS"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…