Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-24790 (GCVE-0-2022-24790)
Vulnerability from cvelistv5
Published
2022-03-30 21:50
Modified
2025-04-23 18:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Summary
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
},
{
"name": "DSA-5146",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5146"
},
{
"name": "GLSA-202208-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"name": "FEDORA-2022-de968d1b6c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/"
},
{
"name": "FEDORA-2022-52d0032596",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/"
},
{
"name": "FEDORA-2022-7c8b29195f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:50:02.994180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:43:11.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "puma",
"vendor": "puma",
"versions": [
{
"status": "affected",
"version": "\u003c 4.3.12"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T19:06:40.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
},
{
"name": "DSA-5146",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5146"
},
{
"name": "GLSA-202208-28",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"name": "FEDORA-2022-de968d1b6c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/"
},
{
"name": "FEDORA-2022-52d0032596",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/"
},
{
"name": "FEDORA-2022-7c8b29195f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/"
}
],
"source": {
"advisory": "GHSA-h99w-9q5r-gjq9",
"discovery": "UNKNOWN"
},
"title": "HTTP Request Smuggling in puma",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24790",
"STATE": "PUBLIC",
"TITLE": "HTTP Request Smuggling in puma"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "puma",
"version": {
"version_data": [
{
"version_value": "\u003c 4.3.12"
},
{
"version_value": "\u003e= 5.0.0, \u003c 5.6.4"
}
]
}
}
]
},
"vendor_name": "puma"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9",
"refsource": "CONFIRM",
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"name": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5",
"refsource": "MISC",
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
},
{
"name": "DSA-5146",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5146"
},
{
"name": "GLSA-202208-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"name": "FEDORA-2022-de968d1b6c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/"
},
{
"name": "FEDORA-2022-52d0032596",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/"
},
{
"name": "FEDORA-2022-7c8b29195f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/"
}
]
},
"source": {
"advisory": "GHSA-h99w-9q5r-gjq9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24790",
"datePublished": "2022-03-30T21:50:09.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:43:11.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-24790\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-03-30T22:15:08.500\",\"lastModified\":\"2024-11-21T06:51:06.130\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.\"},{\"lang\":\"es\",\"value\":\"Puma es un servidor HTTP versi\u00f3n 1.1 simple, r\u00e1pido, multihilo y paralelo para aplicaciones Ruby/Rack. Cuando es usado Puma detr\u00e1s de un proxy que no comprueba apropiadamente que la petici\u00f3n HTTP entrante coincide con el est\u00e1ndar RFC7230, Puma y el proxy del frontend pueden no estar de acuerdo en d\u00f3nde empieza y termina una petici\u00f3n. Esto permitir\u00eda contrabandear peticiones por medio del proxy del front-end a Puma. La vulnerabilidad ha sido corregida en versiones 5.6.4 y 4.3.12. Se recomienda a usuarios actualizar lo antes posible. Mitigaci\u00f3n: cuando despliegue un proxy frente a Puma, habilite todas las funciones para asegurarse de que la petici\u00f3n se ajusta al est\u00e1ndar RFC7230\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\",\"versionEndExcluding\":\"4.3.12\",\"matchCriteriaId\":\"345E03BE-2C86-4772-AA09-236D912EC708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.6.4\",\"matchCriteriaId\":\"C0FF1252-8D38-4832-B0B0-CAEDB2E13F0B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.gentoo.org/glsa/202208-28\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5146\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"product\": \"puma\", \"vendor\": \"puma\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 4.3.12\"}, {\"status\": \"affected\", \"version\": \"\u003e= 5.0.0, \u003c 5.6.4\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-444\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-09-12T19:06:40.000Z\", \"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5\"}, {\"name\": \"DSA-5146\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"], \"url\": \"https://www.debian.org/security/2022/dsa-5146\"}, {\"name\": \"GLSA-202208-28\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"], \"url\": \"https://security.gentoo.org/glsa/202208-28\"}, {\"name\": \"[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"], \"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html\"}, {\"name\": \"FEDORA-2022-de968d1b6c\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/\"}, {\"name\": \"FEDORA-2022-52d0032596\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/\"}, {\"name\": \"FEDORA-2022-7c8b29195f\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/\"}], \"source\": {\"advisory\": \"GHSA-h99w-9q5r-gjq9\", \"discovery\": \"UNKNOWN\"}, \"title\": \"HTTP Request Smuggling in puma\", \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"security-advisories@github.com\", \"ID\": \"CVE-2022-24790\", \"STATE\": \"PUBLIC\", \"TITLE\": \"HTTP Request Smuggling in puma\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"puma\", \"version\": {\"version_data\": [{\"version_value\": \"\u003c 4.3.12\"}, {\"version_value\": \"\u003e= 5.0.0, \u003c 5.6.4\"}]}}]}, \"vendor_name\": \"puma\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.\"}]}, \"impact\": {\"cvss\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9\", \"refsource\": \"CONFIRM\", \"url\": \"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9\"}, {\"name\": \"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5\", \"refsource\": \"MISC\", \"url\": \"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5\"}, {\"name\": \"DSA-5146\", \"refsource\": \"DEBIAN\", \"url\": \"https://www.debian.org/security/2022/dsa-5146\"}, {\"name\": \"GLSA-202208-28\", \"refsource\": \"GENTOO\", \"url\": \"https://security.gentoo.org/glsa/202208-28\"}, {\"name\": \"[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update\", \"refsource\": \"MLIST\", \"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html\"}, {\"name\": \"FEDORA-2022-de968d1b6c\", \"refsource\": \"FEDORA\", \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/\"}, {\"name\": \"FEDORA-2022-52d0032596\", \"refsource\": \"FEDORA\", \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/\"}, {\"name\": \"FEDORA-2022-7c8b29195f\", \"refsource\": \"FEDORA\", \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/\"}]}, \"source\": {\"advisory\": \"GHSA-h99w-9q5r-gjq9\", \"discovery\": \"UNKNOWN\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:50.515Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5\"}, {\"name\": \"DSA-5146\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"], \"url\": \"https://www.debian.org/security/2022/dsa-5146\"}, {\"name\": \"GLSA-202208-28\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"], \"url\": \"https://security.gentoo.org/glsa/202208-28\"}, {\"name\": \"[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"], \"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html\"}, {\"name\": \"FEDORA-2022-de968d1b6c\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/\"}, {\"name\": \"FEDORA-2022-52d0032596\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/\"}, {\"name\": \"FEDORA-2022-7c8b29195f\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24790\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T15:50:02.994180Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T15:50:05.546Z\"}}]}",
"cveMetadata": "{\"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"assignerShortName\": \"GitHub_M\", \"cveId\": \"CVE-2022-24790\", \"datePublished\": \"2022-03-30T21:50:09.000Z\", \"dateReserved\": \"2022-02-10T00:00:00.000Z\", \"dateUpdated\": \"2025-04-23T18:43:11.083Z\", \"state\": \"PUBLISHED\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
opensuse-su-2024:13721-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby3.3-rubygem-puma-5-5.6.8-1.1 on GA media
Notes
Title of the patch
ruby3.3-rubygem-puma-5-5.6.8-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.3-rubygem-puma-5-5.6.8-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13721
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.3-rubygem-puma-5-5.6.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.3-rubygem-puma-5-5.6.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13721",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13721-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16770 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11076 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29509 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41136 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
}
],
"title": "ruby3.3-rubygem-puma-5-5.6.8-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13721-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"product": {
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"product_id": "ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"product": {
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"product_id": "ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"product": {
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"product_id": "ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64",
"product": {
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64",
"product_id": "ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64"
},
"product_reference": "ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le"
},
"product_reference": "ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x"
},
"product_reference": "ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
},
"product_reference": "ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16770"
}
],
"notes": [
{
"category": "general",
"text": "In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma\u0027s reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16770",
"url": "https://www.suse.com/security/cve/CVE-2019-16770"
},
{
"category": "external",
"summary": "SUSE Bug 1158675 for CVE-2019-16770",
"url": "https://bugzilla.suse.com/1158675"
},
{
"category": "external",
"summary": "SUSE Bug 1188527 for CVE-2019-16770",
"url": "https://bugzilla.suse.com/1188527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-16770"
},
{
"cve": "CVE-2020-11076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11076"
}
],
"notes": [
{
"category": "general",
"text": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11076",
"url": "https://www.suse.com/security/cve/CVE-2020-11076"
},
{
"category": "external",
"summary": "SUSE Bug 1172175 for CVE-2020-11076",
"url": "https://bugzilla.suse.com/1172175"
},
{
"category": "external",
"summary": "SUSE Bug 1172176 for CVE-2020-11076",
"url": "https://bugzilla.suse.com/1172176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-11076"
},
{
"cve": "CVE-2021-29509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29509"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29509",
"url": "https://www.suse.com/security/cve/CVE-2021-29509"
},
{
"category": "external",
"summary": "SUSE Bug 1188527 for CVE-2021-29509",
"url": "https://bugzilla.suse.com/1188527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29509"
},
{
"cve": "CVE-2021-41136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41136"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41136",
"url": "https://www.suse.com/security/cve/CVE-2021-41136"
},
{
"category": "external",
"summary": "SUSE Bug 1191681 for CVE-2021-41136",
"url": "https://bugzilla.suse.com/1191681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-41136"
},
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.s390x",
"openSUSE Tumbleweed:ruby3.3-rubygem-puma-5-5.6.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
}
]
}
opensuse-su-2024:12032-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby3.1-rubygem-puma-4-4.3.12-1.1 on GA media
Notes
Title of the patch
ruby3.1-rubygem-puma-4-4.3.12-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.1-rubygem-puma-4-4.3.12-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12032
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.1-rubygem-puma-4-4.3.12-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.1-rubygem-puma-4-4.3.12-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12032",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12032-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
}
],
"title": "ruby3.1-rubygem-puma-4-4.3.12-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12032-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64",
"product": {
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64",
"product_id": "ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le",
"product": {
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le",
"product_id": "ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x",
"product": {
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x",
"product_id": "ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64",
"product": {
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64",
"product_id": "ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64"
},
"product_reference": "ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le"
},
"product_reference": "ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x"
},
"product_reference": "ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64"
},
"product_reference": "ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-4-4.3.12-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
}
]
}
opensuse-su-2024:13166-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby3.2-rubygem-puma-5-5.6.5-1.7 on GA media
Notes
Title of the patch
ruby3.2-rubygem-puma-5-5.6.5-1.7 on GA media
Description of the patch
These are all security issues fixed in the ruby3.2-rubygem-puma-5-5.6.5-1.7 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13166
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.2-rubygem-puma-5-5.6.5-1.7 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.2-rubygem-puma-5-5.6.5-1.7 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13166",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13166-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16770 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11076 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29509 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41136 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
}
],
"title": "ruby3.2-rubygem-puma-5-5.6.5-1.7 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13166-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"product": {
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"product_id": "ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"product": {
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"product_id": "ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"product": {
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"product_id": "ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64",
"product": {
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64",
"product_id": "ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64"
},
"product_reference": "ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le"
},
"product_reference": "ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x"
},
"product_reference": "ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
},
"product_reference": "ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16770"
}
],
"notes": [
{
"category": "general",
"text": "In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma\u0027s reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16770",
"url": "https://www.suse.com/security/cve/CVE-2019-16770"
},
{
"category": "external",
"summary": "SUSE Bug 1158675 for CVE-2019-16770",
"url": "https://bugzilla.suse.com/1158675"
},
{
"category": "external",
"summary": "SUSE Bug 1188527 for CVE-2019-16770",
"url": "https://bugzilla.suse.com/1188527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-16770"
},
{
"cve": "CVE-2020-11076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11076"
}
],
"notes": [
{
"category": "general",
"text": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11076",
"url": "https://www.suse.com/security/cve/CVE-2020-11076"
},
{
"category": "external",
"summary": "SUSE Bug 1172175 for CVE-2020-11076",
"url": "https://bugzilla.suse.com/1172175"
},
{
"category": "external",
"summary": "SUSE Bug 1172176 for CVE-2020-11076",
"url": "https://bugzilla.suse.com/1172176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-11076"
},
{
"cve": "CVE-2021-29509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29509"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29509",
"url": "https://www.suse.com/security/cve/CVE-2021-29509"
},
{
"category": "external",
"summary": "SUSE Bug 1188527 for CVE-2021-29509",
"url": "https://bugzilla.suse.com/1188527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29509"
},
{
"cve": "CVE-2021-41136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41136"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41136",
"url": "https://www.suse.com/security/cve/CVE-2021-41136"
},
{
"category": "external",
"summary": "SUSE Bug 1191681 for CVE-2021-41136",
"url": "https://bugzilla.suse.com/1191681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-41136"
},
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-puma-5-5.6.5-1.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
}
]
}
opensuse-su-2024:12592-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ruby3.1-rubygem-puma-5-5.6.5-1.1 on GA media
Notes
Title of the patch
ruby3.1-rubygem-puma-5-5.6.5-1.1 on GA media
Description of the patch
These are all security issues fixed in the ruby3.1-rubygem-puma-5-5.6.5-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12592
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.1-rubygem-puma-5-5.6.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.1-rubygem-puma-5-5.6.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12592",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12592-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16770 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16770/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11076 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-29509 page",
"url": "https://www.suse.com/security/cve/CVE-2021-29509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41136 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
}
],
"title": "ruby3.1-rubygem-puma-5-5.6.5-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12592-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"product": {
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"product_id": "ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"product": {
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"product_id": "ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"product": {
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"product_id": "ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64",
"product": {
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64",
"product_id": "ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64"
},
"product_reference": "ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le"
},
"product_reference": "ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x"
},
"product_reference": "ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
},
"product_reference": "ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-16770",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16770"
}
],
"notes": [
{
"category": "general",
"text": "In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma\u0027s reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16770",
"url": "https://www.suse.com/security/cve/CVE-2019-16770"
},
{
"category": "external",
"summary": "SUSE Bug 1158675 for CVE-2019-16770",
"url": "https://bugzilla.suse.com/1158675"
},
{
"category": "external",
"summary": "SUSE Bug 1188527 for CVE-2019-16770",
"url": "https://bugzilla.suse.com/1188527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-16770"
},
{
"cve": "CVE-2020-11076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11076"
}
],
"notes": [
{
"category": "general",
"text": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11076",
"url": "https://www.suse.com/security/cve/CVE-2020-11076"
},
{
"category": "external",
"summary": "SUSE Bug 1172175 for CVE-2020-11076",
"url": "https://bugzilla.suse.com/1172175"
},
{
"category": "external",
"summary": "SUSE Bug 1172176 for CVE-2020-11076",
"url": "https://bugzilla.suse.com/1172176"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-11076"
},
{
"cve": "CVE-2021-29509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-29509"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-29509",
"url": "https://www.suse.com/security/cve/CVE-2021-29509"
},
{
"category": "external",
"summary": "SUSE Bug 1188527 for CVE-2021-29509",
"url": "https://bugzilla.suse.com/1188527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-29509"
},
{
"cve": "CVE-2021-41136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41136"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41136",
"url": "https://www.suse.com/security/cve/CVE-2021-41136"
},
{
"category": "external",
"summary": "SUSE Bug 1191681 for CVE-2021-41136",
"url": "https://bugzilla.suse.com/1191681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-41136"
},
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-puma-5-5.6.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
}
]
}
suse-su-2022:3338-1
Vulnerability from csaf_suse
Published
2022-09-22 14:15
Modified
2022-09-22 14:15
Summary
Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma
Notes
Title of the patch
Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma
Description of the patch
This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues:
Security updates included on this update:
ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, rabbitmq-server:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess. (SOC-11662, bnc#1164139)
- CVE-2021-44716: Fixed uncontrolled memory consumption in go's net/http. (bsc#1193597)
- CVE-2019-11287: Fixed DoS via 'X-Reason' HTTP Header in malicious Erlang format string. (bsc#1157665)
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
- CVE-2021-44716: Fixed uncontrolled memory consumption in go's net/http (bsc#1193597).
python-Django:
- CVE-2022-28346: Fixed vulnerability that could lead to SQL injection in QuerySet.annotate(),aggregate() and extra(). (bsc#1198398)
- CVE-2022-34265: Fixed vulnerability that could lead to SQL injection via Trunc(kind) and Extract(lookup_name) arguments. (bsc#1201186)
rubygem puma:
- CVE-2022-24790: Fixed HTTP request smuggling vulnerability. (bsc#1197818)
Additional information about the this update:
Changes in ardana-ansible:
- Update to version 8.0+git.1660773729.3789a6d:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 8.0+git.1660773402.d845a45:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
* Fix Go net/http: limit growth of header canonicalization cache.
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a:
* doc: Comment out language option
Changes in openstack-murano:
- Update to version murano-4.0.2.dev3:
* [stable-only] Remove periodic-stable-jobs template
Changes in openstack-murano:
- Update to version murano-4.0.2.dev3:
* [stable-only] Remove periodic-stable-jobs template
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in python-Django:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.
- Remove unnecessary project.diff file.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(),aggregate() and extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rubygem-puma:
- Add CVE-2022-24790: Fixed HTTP request smuggling vulnerability (bsc#1197818).
Patchnames
HPE-Helion-OpenStack-8-2022-3338,SUSE-2022-3338,SUSE-OpenStack-Cloud-8-2022-3338,SUSE-OpenStack-Cloud-Crowbar-8-2022-3338
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues:\n\nSecurity updates included on this update:\n\nardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, rabbitmq-server:\n- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess. (SOC-11662, bnc#1164139)\n- CVE-2021-44716: Fixed uncontrolled memory consumption in go\u0027s net/http. (bsc#1193597)\n- CVE-2019-11287: Fixed DoS via \u0027X-Reason\u0027 HTTP Header in malicious Erlang format string. (bsc#1157665)\n\ngrafana:\n- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).\n- CVE-2021-44716: Fixed uncontrolled memory consumption in go\u0027s net/http (bsc#1193597).\n\npython-Django:\n- CVE-2022-28346: Fixed vulnerability that could lead to SQL injection in QuerySet.annotate(),aggregate() and extra(). (bsc#1198398)\n- CVE-2022-34265: Fixed vulnerability that could lead to SQL injection via Trunc(kind) and Extract(lookup_name) arguments. (bsc#1201186)\n\nrubygem puma:\n- CVE-2022-24790: Fixed HTTP request smuggling vulnerability. (bsc#1197818)\n\nAdditional information about the this update:\n\nChanges in ardana-ansible:\n- Update to version 8.0+git.1660773729.3789a6d:\n * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in ardana-cobbler:\n- Update to version 8.0+git.1660773402.d845a45:\n * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in grafana:\n- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)\n * snapshot authentication bypass\n\n- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)\n * Fix Go net/http: limit growth of header canonicalization cache.\n\nChanges in openstack-heat-templates:\n- Update to version 0.0.0+git.1654529662.75fa04a:\n * doc: Comment out language option\n\nChanges in openstack-murano:\n- Update to version murano-4.0.2.dev3:\n * [stable-only] Remove periodic-stable-jobs template\n\nChanges in openstack-murano:\n- Update to version murano-4.0.2.dev3:\n * [stable-only] Remove periodic-stable-jobs template\n\nChanges in rabbitmq-server:\n- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)\n\nChanges in python-Django:\n- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt\n to avoid source_validator incorrectly trying to use it as a detached\n signature file for the sources tarball.\n- Remove unnecessary project.diff file.\n\n- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)\n * Potential SQL injection in QuerySet.annotate(),aggregate() and extra()\n- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)\n * SQL injection via Trunc(kind) and Extract(lookup_name) arguments\n\nChanges in rubygem-puma:\n- Add CVE-2022-24790: Fixed HTTP request smuggling vulnerability (bsc#1197818).\n\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2022-3338,SUSE-2022-3338,SUSE-OpenStack-Cloud-8-2022-3338,SUSE-OpenStack-Cloud-Crowbar-8-2022-3338",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3338-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3338-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223338-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3338-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012332.html"
},
{
"category": "self",
"summary": "SUSE Bug 1157665",
"url": "https://bugzilla.suse.com/1157665"
},
{
"category": "self",
"summary": "SUSE Bug 1191454",
"url": "https://bugzilla.suse.com/1191454"
},
{
"category": "self",
"summary": "SUSE Bug 1193597",
"url": "https://bugzilla.suse.com/1193597"
},
{
"category": "self",
"summary": "SUSE Bug 1197818",
"url": "https://bugzilla.suse.com/1197818"
},
{
"category": "self",
"summary": "SUSE Bug 1198398",
"url": "https://bugzilla.suse.com/1198398"
},
{
"category": "self",
"summary": "SUSE Bug 1201186",
"url": "https://bugzilla.suse.com/1201186"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11287 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39226 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44716 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28346 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-34265 page",
"url": "https://www.suse.com/security/cve/CVE-2022-34265/"
}
],
"title": "Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma",
"tracking": {
"current_release_date": "2022-09-22T14:15:54Z",
"generator": {
"date": "2022-09-22T14:15:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3338-1",
"initial_release_date": "2022-09-22T14:15:54Z",
"revision_history": [
{
"date": "2022-09-22T14:15:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64",
"product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-4.23.1.aarch64",
"product": {
"name": "grafana-6.7.4-4.23.1.aarch64",
"product_id": "grafana-6.7.4-4.23.1.aarch64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-3.13.1.aarch64",
"product": {
"name": "rabbitmq-server-3.6.16-3.13.1.aarch64",
"product_id": "rabbitmq-server-3.6.16-3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64",
"product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64",
"product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"product": {
"name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"product_id": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
}
},
{
"category": "product_version",
"name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"product": {
"name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"product_id": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"product": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"product_id": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "python-Django-1.11.29-3.42.1.noarch",
"product": {
"name": "python-Django-1.11.29-3.42.1.noarch",
"product_id": "python-Django-1.11.29-3.42.1.noarch"
}
},
{
"category": "product_version",
"name": "python-murano-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "python-murano-4.0.2~dev3-3.12.1.noarch",
"product_id": "python-murano-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"product": {
"name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"product_id": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"product": {
"name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"product_id": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"product": {
"name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"product_id": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch",
"product": {
"name": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch",
"product_id": "openstack-murano-test-4.0.2~dev3-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-Django-1.11.29-3.42.1.noarch",
"product": {
"name": "python3-Django-1.11.29-3.42.1.noarch",
"product_id": "python3-Django-1.11.29-3.42.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"product": {
"name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"product_id": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le",
"product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-4.23.1.ppc64le",
"product": {
"name": "grafana-6.7.4-4.23.1.ppc64le",
"product_id": "grafana-6.7.4-4.23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-3.13.1.ppc64le",
"product": {
"name": "rabbitmq-server-3.6.16-3.13.1.ppc64le",
"product_id": "rabbitmq-server-3.6.16-3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le",
"product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le",
"product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x",
"product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-4.23.1.s390x",
"product": {
"name": "grafana-6.7.4-4.23.1.s390x",
"product_id": "grafana-6.7.4-4.23.1.s390x"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-3.13.1.s390x",
"product": {
"name": "rabbitmq-server-3.6.16-3.13.1.s390x",
"product_id": "rabbitmq-server-3.6.16-3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x",
"product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x",
"product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-6.7.4-4.23.1.x86_64",
"product": {
"name": "grafana-6.7.4-4.23.1.x86_64",
"product_id": "grafana-6.7.4-4.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"product": {
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"product_id": "rabbitmq-server-3.6.16-3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"product_id": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64",
"product_id": "erlang-rabbitmq-client-3.6.16-3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
"product_id": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-3.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
},
"product_reference": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
},
"product_reference": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-4.23.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64"
},
"product_reference": "grafana-6.7.4-4.23.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django-1.11.29-3.42.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch"
},
"product_reference": "python-Django-1.11.29-3.42.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch"
},
"product_reference": "venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
},
"product_reference": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch"
},
"product_reference": "ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch"
},
"product_reference": "ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-4.23.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64"
},
"product_reference": "grafana-6.7.4-4.23.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django-1.11.29-3.42.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch"
},
"product_reference": "python-Django-1.11.29-3.42.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch"
},
"product_reference": "venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch"
},
"product_reference": "venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-4.23.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64"
},
"product_reference": "grafana-6.7.4-4.23.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django-1.11.29-3.42.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch"
},
"product_reference": "python-Django-1.11.29-3.42.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-murano-4.0.2~dev3-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch"
},
"product_reference": "python-murano-4.0.2~dev3-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11287"
}
],
"notes": [
{
"category": "general",
"text": "Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The \"X-Reason\" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11287",
"url": "https://www.suse.com/security/cve/CVE-2019-11287"
},
{
"category": "external",
"summary": "SUSE Bug 1157665 for CVE-2019-11287",
"url": "https://bugzilla.suse.com/1157665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2019-11287"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2021-39226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39226"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39226",
"url": "https://www.suse.com/security/cve/CVE-2021-39226"
},
{
"category": "external",
"summary": "SUSE Bug 1191454 for CVE-2021-39226",
"url": "https://bugzilla.suse.com/1191454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2021-39226"
},
{
"cve": "CVE-2021-44716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44716"
}
],
"notes": [
{
"category": "general",
"text": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44716",
"url": "https://www.suse.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "SUSE Bug 1193597 for CVE-2021-44716",
"url": "https://bugzilla.suse.com/1193597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
},
{
"cve": "CVE-2022-28346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28346",
"url": "https://www.suse.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "SUSE Bug 1198398 for CVE-2022-28346",
"url": "https://bugzilla.suse.com/1198398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2022-28346"
},
{
"cve": "CVE-2022-34265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-34265"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-34265",
"url": "https://www.suse.com/security/cve/CVE-2022-34265"
},
{
"category": "external",
"summary": "SUSE Bug 1201186 for CVE-2022-34265",
"url": "https://bugzilla.suse.com/1201186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"HPE Helion OpenStack 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"HPE Helion OpenStack 8:grafana-6.7.4-4.23.1.x86_64",
"HPE Helion OpenStack 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:python-Django-1.11.29-3.42.1.noarch",
"HPE Helion OpenStack 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"HPE Helion OpenStack 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"HPE Helion OpenStack 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1.noarch",
"HPE Helion OpenStack 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud 8:ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1.noarch",
"SUSE OpenStack Cloud 8:ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1.noarch",
"SUSE OpenStack Cloud 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud 8:venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1.noarch",
"SUSE OpenStack Cloud 8:venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:grafana-6.7.4-4.23.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-api-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-doc-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:openstack-murano-engine-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.42.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:python-murano-4.0.2~dev3-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins-3.6.16-3.13.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-puma-2.16.0-3.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:15:54Z",
"details": "important"
}
],
"title": "CVE-2022-34265"
}
]
}
suse-su-2022:3571-1
Vulnerability from csaf_suse
Published
2022-10-13 05:34
Modified
2022-10-13 05:34
Summary
Security update for rubygem-puma
Notes
Title of the patch
Security update for rubygem-puma
Description of the patch
This update for rubygem-puma fixes the following issues:
Updated to version 4.3.12:
- CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818).
Patchnames
SUSE-2022-3571,SUSE-SLE-Product-HA-15-2022-3571,SUSE-SLE-Product-HA-15-SP1-2022-3571,SUSE-SLE-Product-HA-15-SP2-2022-3571,SUSE-SLE-Product-HA-15-SP3-2022-3571,SUSE-SLE-Product-HA-15-SP4-2022-3571,openSUSE-SLE-15.3-2022-3571,openSUSE-SLE-15.4-2022-3571
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-puma",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rubygem-puma fixes the following issues:\n\n Updated to version 4.3.12:\n - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3571,SUSE-SLE-Product-HA-15-2022-3571,SUSE-SLE-Product-HA-15-SP1-2022-3571,SUSE-SLE-Product-HA-15-SP2-2022-3571,SUSE-SLE-Product-HA-15-SP3-2022-3571,SUSE-SLE-Product-HA-15-SP4-2022-3571,openSUSE-SLE-15.3-2022-3571,openSUSE-SLE-15.4-2022-3571",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3571-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3571-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223571-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3571-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012533.html"
},
{
"category": "self",
"summary": "SUSE Bug 1197818",
"url": "https://bugzilla.suse.com/1197818"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
}
],
"title": "Security update for rubygem-puma",
"tracking": {
"current_release_date": "2022-10-13T05:34:57Z",
"generator": {
"date": "2022-10-13T05:34:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3571-1",
"initial_release_date": "2022-10-13T05:34:57Z",
"revision_history": [
{
"date": "2022-10-13T05:34:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.i586",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.i586",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.i586",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.i586",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"product_id": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64",
"product": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64",
"product_id": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP1",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP2",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP3",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64"
},
"product_reference": "ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15 SP4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.3:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-4.3.12-150000.3.9.1.x86_64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.aarch64",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.ppc64le",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.s390x",
"openSUSE Leap 15.4:ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-13T05:34:57Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
}
]
}
suse-su-2022:3339-1
Vulnerability from csaf_suse
Published
2022-09-22 14:16
Modified
2022-09-22 14:16
Summary
Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
Notes
Title of the patch
Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
Description of the patch
This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:
Security fixes included in this update:
ardana-ansible:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
rabbitmq-server:
- CVE-2019-11287: Fixed DoS via 'X-Reason' HTTP Header in malicious Erlang format string (bsc#1157665).
rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).
python-Django1:
- CVE-2022-28346: Fixed vulnerability allowing SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398).
- CVE-2022-34265: Fixed vulnerability allowing SQL injection via Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).
Bugfixes:
- Disabled two barbican tests (SOC-8764).
Non-security fixes included on this update:
Changes in ardana-ansible:
- Update to version 9.0+git.1660748476.c118d23:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 9.0+git.1660747489.119efcd:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-tempest:
- Update to version 9.0+git.1651855288.a2341ad:
* Disable two barbican tests (SOC-8764)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a7:
* doc: Comment out language option
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev4:
* remove legacy servicechain code
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev46:
* Remove logs
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev45:
* FIP Status active after dissociate
- Update to version group-based-policy-14.0.1.dev43:
* fixed apic synchronization state for multiple erspan session
- Update to version group-based-policy-14.0.1.dev41:
* Remove\_legacy\_service\_chain\_code(2)
- Update to version group-based-policy-14.0.1.dev39:
* data-migrations spelling fixes
2014.2rc1
- Update to version group-based-policy-14.0.1.dev38:
* Adding support for address group feature in upstream
- Update to version group-based-policy-14.0.1.dev36:
* Add support for yoga
2014.2.rc1
- Update to version group-based-policy-14.0.1.dev35:
* Removed\_legacy\_service\_chain\_code
2014.2rc1
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in python-Djanjo1:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(),aggregate() and extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in rubygem-puma:
- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).
Patchnames
SUSE-2022-3339,SUSE-OpenStack-Cloud-9-2022-3339,SUSE-OpenStack-Cloud-Crowbar-9-2022-3339
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma fixes the following issues:\n\nSecurity fixes included in this update:\n\nardana-ansible:\n- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).\ngrafana:\n- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).\nrabbitmq-server:\n- CVE-2019-11287: Fixed DoS via \u0027X-Reason\u0027 HTTP Header in malicious Erlang format string (bsc#1157665).\nrubygem-puma:\n- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).\npython-Django1:\n- CVE-2022-28346: Fixed vulnerability allowing SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398).\n- CVE-2022-34265: Fixed vulnerability allowing SQL injection via Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).\nBugfixes:\n- Disabled two barbican tests (SOC-8764).\n\nNon-security fixes included on this update:\n\nChanges in ardana-ansible:\n- Update to version 9.0+git.1660748476.c118d23:\n * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in ardana-cobbler:\n- Update to version 9.0+git.1660747489.119efcd:\n * Mitigate CVE-2020-1734 (SOC-11662)\n\nChanges in ardana-tempest:\n- Update to version 9.0+git.1651855288.a2341ad:\n * Disable two barbican tests (SOC-8764)\n\nChanges in grafana:\n- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)\n * snapshot authentication bypass\n\nChanges in openstack-heat-templates:\n- Update to version 0.0.0+git.1654529662.75fa04a7:\n * doc: Comment out language option\n\nChanges in openstack-horizon-plugin-gbp-ui:\n- Update to version group-based-policy-ui-14.0.1.dev4:\n * remove legacy servicechain code\n\nChanges in openstack-neutron-gbp:\n- Update to version group-based-policy-14.0.1.dev46:\n * Remove logs\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev45:\n * FIP Status active after dissociate\n\n- Update to version group-based-policy-14.0.1.dev43:\n * fixed apic synchronization state for multiple erspan session\n\n- Update to version group-based-policy-14.0.1.dev41:\n * Remove\\_legacy\\_service\\_chain\\_code(2)\n\n- Update to version group-based-policy-14.0.1.dev39:\n * data-migrations spelling fixes\n 2014.2rc1\n\n- Update to version group-based-policy-14.0.1.dev38:\n * Adding support for address group feature in upstream\n\n- Update to version group-based-policy-14.0.1.dev36:\n * Add support for yoga\n 2014.2.rc1\n\n- Update to version group-based-policy-14.0.1.dev35:\n * Removed\\_legacy\\_service\\_chain\\_code\n 2014.2rc1\n\nChanges in openstack-nova:\n- Update to version nova-18.3.1.dev92:\n * [stable-only] Drop lower-constraints job\n\nChanges in openstack-nova:\n- Update to version nova-18.3.1.dev92:\n * [stable-only] Drop lower-constraints job\n\nChanges in python-Djanjo1:\n\n- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt\n to avoid source_validator incorrectly trying to use it as a detached\n signature file for the sources tarball.\n\n- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)\n * Potential SQL injection in QuerySet.annotate(),aggregate() and extra()\n- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)\n * SQL injection via Trunc(kind) and Extract(lookup_name) arguments\n\nChanges in rabbitmq-server:\n- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)\n\nChanges in rubygem-puma:\n- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3339,SUSE-OpenStack-Cloud-9-2022-3339,SUSE-OpenStack-Cloud-Crowbar-9-2022-3339",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3339-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3339-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223339-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3339-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012331.html"
},
{
"category": "self",
"summary": "SUSE Bug 1157665",
"url": "https://bugzilla.suse.com/1157665"
},
{
"category": "self",
"summary": "SUSE Bug 1164139",
"url": "https://bugzilla.suse.com/1164139"
},
{
"category": "self",
"summary": "SUSE Bug 1191454",
"url": "https://bugzilla.suse.com/1191454"
},
{
"category": "self",
"summary": "SUSE Bug 1197818",
"url": "https://bugzilla.suse.com/1197818"
},
{
"category": "self",
"summary": "SUSE Bug 1198398",
"url": "https://bugzilla.suse.com/1198398"
},
{
"category": "self",
"summary": "SUSE Bug 1201186",
"url": "https://bugzilla.suse.com/1201186"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11287 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-1734 page",
"url": "https://www.suse.com/security/cve/CVE-2020-1734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39226 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24790 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28346 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-34265 page",
"url": "https://www.suse.com/security/cve/CVE-2022-34265/"
}
],
"title": "Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma",
"tracking": {
"current_release_date": "2022-09-22T14:16:26Z",
"generator": {
"date": "2022-09-22T14:16:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3339-1",
"initial_release_date": "2022-09-22T14:16:26Z",
"revision_history": [
{
"date": "2022-09-22T14:16:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.aarch64",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.aarch64",
"product_id": "erlang-rabbitmq-client-3.6.16-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-3.29.1.aarch64",
"product": {
"name": "grafana-6.7.4-3.29.1.aarch64",
"product_id": "grafana-6.7.4-3.29.1.aarch64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-4.3.1.aarch64",
"product": {
"name": "rabbitmq-server-3.6.16-4.3.1.aarch64",
"product_id": "rabbitmq-server-3.6.16-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.aarch64",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.aarch64",
"product_id": "rabbitmq-server-plugins-3.6.16-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.aarch64",
"product_id": "ruby2.1-rubygem-puma-2.16.0-4.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.aarch64",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.aarch64",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"product": {
"name": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"product_id": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch"
}
},
{
"category": "product_version",
"name": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"product": {
"name": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"product_id": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch"
}
},
{
"category": "product_version",
"name": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"product": {
"name": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"product_id": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"product": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"product_id": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev4-3.12.1.noarch",
"product": {
"name": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev4-3.12.1.noarch",
"product_id": "openstack-horizon-plugin-gbp-ui-test-14.0.1~dev4-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"product": {
"name": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"product_id": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-neutron-gbp-test-14.0.1~dev46-3.34.1.noarch",
"product": {
"name": "openstack-neutron-gbp-test-14.0.1~dev46-3.34.1.noarch",
"product_id": "openstack-neutron-gbp-test-14.0.1~dev46-3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-consoleauth-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-consoleauth-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-consoleauth-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-network-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-network-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-network-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-test-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-test-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-test-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"product_id": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "python-Django1-1.11.29-3.40.1.noarch",
"product": {
"name": "python-Django1-1.11.29-3.40.1.noarch",
"product_id": "python-Django1-1.11.29-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"product": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"product_id": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"product": {
"name": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"product_id": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
}
},
{
"category": "product_version",
"name": "python-nova-18.3.1~dev92-3.43.1.noarch",
"product": {
"name": "python-nova-18.3.1~dev92-3.43.1.noarch",
"product_id": "python-nova-18.3.1~dev92-3.43.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-Django1-1.11.29-3.40.1.noarch",
"product": {
"name": "python3-Django1-1.11.29-3.40.1.noarch",
"product_id": "python3-Django1-1.11.29-3.40.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"product": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"product_id": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"product": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"product_id": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"product": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"product_id": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch"
}
},
{
"category": "product_version",
"name": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"product": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"product_id": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.ppc64le",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.ppc64le",
"product_id": "erlang-rabbitmq-client-3.6.16-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-3.29.1.ppc64le",
"product": {
"name": "grafana-6.7.4-3.29.1.ppc64le",
"product_id": "grafana-6.7.4-3.29.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-4.3.1.ppc64le",
"product": {
"name": "rabbitmq-server-3.6.16-4.3.1.ppc64le",
"product_id": "rabbitmq-server-3.6.16-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.ppc64le",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.ppc64le",
"product_id": "rabbitmq-server-plugins-3.6.16-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.ppc64le",
"product_id": "ruby2.1-rubygem-puma-2.16.0-4.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.ppc64le",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.ppc64le",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.s390x",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.s390x",
"product_id": "erlang-rabbitmq-client-3.6.16-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-3.29.1.s390x",
"product": {
"name": "grafana-6.7.4-3.29.1.s390x",
"product_id": "grafana-6.7.4-3.29.1.s390x"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-4.3.1.s390x",
"product": {
"name": "rabbitmq-server-3.6.16-4.3.1.s390x",
"product_id": "rabbitmq-server-3.6.16-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.s390x",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.s390x",
"product_id": "rabbitmq-server-plugins-3.6.16-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.s390x",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.s390x",
"product_id": "ruby2.1-rubygem-puma-2.16.0-4.18.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.s390x",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.s390x",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.x86_64",
"product": {
"name": "erlang-rabbitmq-client-3.6.16-4.3.1.x86_64",
"product_id": "erlang-rabbitmq-client-3.6.16-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "grafana-6.7.4-3.29.1.x86_64",
"product": {
"name": "grafana-6.7.4-3.29.1.x86_64",
"product_id": "grafana-6.7.4-3.29.1.x86_64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-3.6.16-4.3.1.x86_64",
"product": {
"name": "rabbitmq-server-3.6.16-4.3.1.x86_64",
"product_id": "rabbitmq-server-3.6.16-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"product": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"product_id": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64",
"product_id": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.x86_64",
"product": {
"name": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.x86_64",
"product_id": "ruby2.1-rubygem-puma-doc-2.16.0-4.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch"
},
"product_reference": "ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch"
},
"product_reference": "ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch"
},
"product_reference": "ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.29.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.29.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django1-1.11.29-3.40.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch"
},
"product_reference": "python-Django1-1.11.29-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nova-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "python-nova-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-4.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch"
},
"product_reference": "venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch"
},
"product_reference": "venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch"
},
"product_reference": "venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch"
},
"product_reference": "venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-6.7.4-3.29.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64"
},
"product_reference": "grafana-6.7.4-3.29.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch"
},
"product_reference": "openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
},
"product_reference": "openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
},
"product_reference": "openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-Django1-1.11.29-3.40.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch"
},
"product_reference": "python-Django1-1.11.29-3.40.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch"
},
"product_reference": "python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch"
},
"product_reference": "python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-nova-18.3.1~dev92-3.43.1.noarch as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch"
},
"product_reference": "python-nova-18.3.1~dev92-3.43.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-3.6.16-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64"
},
"product_reference": "rabbitmq-server-3.6.16-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64"
},
"product_reference": "rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
},
"product_reference": "ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11287"
}
],
"notes": [
{
"category": "general",
"text": "Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The \"X-Reason\" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11287",
"url": "https://www.suse.com/security/cve/CVE-2019-11287"
},
{
"category": "external",
"summary": "SUSE Bug 1157665 for CVE-2019-11287",
"url": "https://bugzilla.suse.com/1157665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2019-11287"
},
{
"cve": "CVE-2020-1734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-1734"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-1734",
"url": "https://www.suse.com/security/cve/CVE-2020-1734"
},
{
"category": "external",
"summary": "SUSE Bug 1164139 for CVE-2020-1734",
"url": "https://bugzilla.suse.com/1164139"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2020-1734"
},
{
"cve": "CVE-2021-39226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39226"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot \"public_mode\" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot \"public_mode\" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39226",
"url": "https://www.suse.com/security/cve/CVE-2021-39226"
},
{
"category": "external",
"summary": "SUSE Bug 1191454 for CVE-2021-39226",
"url": "https://bugzilla.suse.com/1191454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2021-39226"
},
{
"cve": "CVE-2022-24790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24790"
}
],
"notes": [
{
"category": "general",
"text": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24790",
"url": "https://www.suse.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "SUSE Bug 1197818 for CVE-2022-24790",
"url": "https://bugzilla.suse.com/1197818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2022-24790"
},
{
"cve": "CVE-2022-28346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28346"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28346",
"url": "https://www.suse.com/security/cve/CVE-2022-28346"
},
{
"category": "external",
"summary": "SUSE Bug 1198398 for CVE-2022-28346",
"url": "https://bugzilla.suse.com/1198398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2022-28346"
},
{
"cve": "CVE-2022-34265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-34265"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-34265",
"url": "https://www.suse.com/security/cve/CVE-2022-34265"
},
{
"category": "external",
"summary": "SUSE Bug 1201186 for CVE-2022-34265",
"url": "https://bugzilla.suse.com/1201186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE OpenStack Cloud 9:ardana-ansible-9.0+git.1660748476.c118d23-3.32.1.noarch",
"SUSE OpenStack Cloud 9:ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1.noarch",
"SUSE OpenStack Cloud 9:ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1.noarch",
"SUSE OpenStack Cloud 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud 9:venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1.noarch",
"SUSE OpenStack Cloud 9:venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:grafana-6.7.4-3.29.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-cells-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-compute-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-conductor-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-console-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-novncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-placement-api-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-scheduler-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-serialproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:openstack-nova-vncproxy-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.40.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-neutron-gbp-14.0.1~dev46-3.34.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:python-nova-18.3.1~dev92-3.43.1.noarch",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:rabbitmq-server-plugins-3.6.16-4.3.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-puma-2.16.0-4.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-09-22T14:16:26Z",
"details": "important"
}
],
"title": "CVE-2022-34265"
}
]
}
rhsa-2023:1486
Vulnerability from csaf_redhat
Published
2023-03-28 00:18
Modified
2025-08-18 09:31
Summary
Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update
Notes
Topic
An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)
* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)
* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nDjango is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don\u0027t Repeat Yourself) principle.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)\n\n* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)\n\n* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1486",
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2071616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
},
{
"category": "external",
"summary": "2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "2099524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"
},
{
"category": "external",
"summary": "2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1486.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update",
"tracking": {
"current_release_date": "2025-08-18T09:31:14+00:00",
"generator": {
"date": "2025-08-18T09:31:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2023:1486",
"initial_release_date": "2023-03-28T00:18:32+00:00",
"revision_history": [
{
"date": "2023-03-28T00:18:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-28T00:18:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-18T09:31:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.5:wa:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-6.el7rhgs.src",
"product": {
"name": "grafana-0:5.2.4-6.el7rhgs.src",
"product_id": "grafana-0:5.2.4-6.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:1.11.27-4.el7rhgs.src",
"product": {
"name": "python-django-0:1.11.27-4.el7rhgs.src",
"product_id": "python-django-0:1.11.27-4.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@1.11.27-4.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "ruby-0:2.4.9-94.el7rhgs.src",
"product": {
"name": "ruby-0:2.4.9-94.el7rhgs.src",
"product_id": "ruby-0:2.4.9-94.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product": {
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product_id": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-devel@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-libs@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product_id": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bigdecimal@1.3.2-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product_id": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-did_you_mean@1.1.0-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product_id": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-io-console@0.4.6-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product_id": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-json@2.0.4-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product_id": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-net-telnet@0.1.1-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product_id": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openssl@2.0.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product": {
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product_id": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-psych@2.2.2-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product": {
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product_id": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-debuginfo@2.4.9-94.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product_id": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt-debuginfo@3.1.12-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product": {
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product_id": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r-debuginfo@2.3.1-2.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product": {
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product_id": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-debuginfo@4.3.12-1.el7rhgs?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django-bash-completion@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-django@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product": {
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product_id": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python2-django-doc@1.11.27-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product": {
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product_id": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-doc@2.4.9-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product": {
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product_id": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby-irb@2.4.9-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product_id": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-minitest@5.10.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product_id": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-power_assert@0.4.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product": {
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product_id": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rake@12.0.0-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product_id": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rdoc@5.0.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product": {
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product_id": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-test-unit@3.2.3-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product": {
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product_id": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-xmlrpc@0.2.1-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product": {
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product_id": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygems@2.6.14.4-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product": {
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product_id": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygems-devel@2.6.14.4-94.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activemodel-doc@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-activesupport-doc@5.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product": {
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product_id": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-bcrypt-doc@3.1.12-2.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product": {
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product_id": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-concurrent-ruby-doc@1.1.9-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product": {
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product_id": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-i18n-doc@1.9.1-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product": {
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product_id": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-mustermann-doc@1.0.3-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product": {
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product_id": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-nio4r-doc@2.3.1-2.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product": {
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product_id": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-puma-doc@4.3.12-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product_id": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-doc@2.2.4-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rack-protection-doc@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product": {
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product_id": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-sinatra-doc@2.2.0-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product": {
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product_id": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-thread_safe-doc@0.3.6-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product_id": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tilt-doc@2.0.11-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product": {
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product_id": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-tzinfo-doc@1.2.10-1.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-6.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src"
},
"product_reference": "grafana-0:5.2.4-6.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:5.2.4-6.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
},
"product_reference": "grafana-0:5.2.4-6.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:1.11.27-4.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src"
},
"product_reference": "python-django-0:1.11.27-4.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-django-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python2-django-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch"
},
"product_reference": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-0:2.4.9-94.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src"
},
"product_reference": "ruby-0:2.4.9-94.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch"
},
"product_reference": "ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch"
},
"product_reference": "ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64"
},
"product_reference": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src"
},
"product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch"
},
"product_reference": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch"
},
"product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src"
},
"product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch"
},
"product_reference": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch"
},
"product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src"
},
"product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch"
},
"product_reference": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch"
},
"product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src"
},
"product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch"
},
"product_reference": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src"
},
"product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64"
},
"product_reference": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch"
},
"product_reference": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64"
},
"product_reference": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src"
},
"product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64"
},
"product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64"
},
"product_reference": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
},
"product_reference": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-0:2.2.4-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src"
},
"product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch"
},
"product_reference": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src"
},
"product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch"
},
"product_reference": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch"
},
"product_reference": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch"
},
"product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src"
},
"product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch"
},
"product_reference": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src"
},
"product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src"
},
"product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
},
"product_reference": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch"
},
"product_reference": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch"
},
"product_reference": "rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
},
"product_reference": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24790",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2071616"
}
],
"notes": [
{
"category": "description",
"text": "A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "puma-5.6.4: http request smuggling vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "RHBZ#2071616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790"
}
],
"release_date": "2022-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "puma-5.6.4: http request smuggling vulnerabilities"
},
{
"cve": "CVE-2022-30122",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-06-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2099519"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: crafted multipart POST request may cause a DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30122"
},
{
"category": "external",
"summary": "RHBZ#2099519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122"
},
{
"category": "external",
"summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: crafted multipart POST request may cause a DoS"
},
{
"cve": "CVE-2022-30123",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-06-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2099524"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack\u0027s `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim\u0027s terminal.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: crafted requests can cause shell escape sequences",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to \u0027Low\u0027.\n- To exploit this vulnerability, applications should have either of these middlewares \u0027Lint\u0027 or \u0027CommonLogger\u0027 installed, and vulnerable apps may have something like this: \n\u0027use Rack::Lint\u0027 OR \u0027use Rack::CommonLogger\u0027\nThe Red Hat products use the flawed code but don\u0027t use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30123"
},
{
"category": "external",
"summary": "RHBZ#2099524",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr",
"url": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr"
}
],
"release_date": "2022-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-rack: crafted requests can cause shell escape sequences"
},
{
"cve": "CVE-2022-31129",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-07-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2105075"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moment: inefficient parsing algorithm resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.\n\nIn Quay IO 3.10 and above, no version of affected momentjs is present.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31129"
},
{
"category": "external",
"summary": "RHBZ#2105075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129"
},
{
"category": "external",
"summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
"url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g"
}
],
"release_date": "2022-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "moment: inefficient parsing algorithm resulting in DoS"
},
{
"cve": "CVE-2022-31163",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2022-07-25T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2110551"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-tzinfo: arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
],
"known_not_affected": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31163"
},
{
"category": "external",
"summary": "RHBZ#2110551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163"
},
{
"category": "external",
"summary": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx",
"url": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx"
}
],
"release_date": "2022-07-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-28T00:18:32+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "workaround",
"details": "As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z.",
"product_ids": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch",
"7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-tzinfo: arbitrary code execution"
}
]
}
rhsa-2022:8532
Vulnerability from csaf_redhat
Published
2022-11-17 17:20
Modified
2024-11-22 20:58
Summary
Red Hat Security Advisory: Satellite 6.9.10 Async Security Update
Notes
Topic
Updated Satellite 6.9 packages that fix several bugs are now available for Red Hat Satellite.
Details
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security Fix(es):
* tfm-rubygem-puma: http request smuggling vulnerabilities (CVE-2022-24790)
This update fixes the following bugs:
* 2038995: When executing the content migration (pre-upgrade process), there is a PG query created by pulp that will be sitting forever
* 2074099: The errata migration continues to fail with "pymongo.errors.DocumentTooLarge: BSON document too large" error even after upgrading to Satellite 6.9.8
* 2081560: ForeignKeyViolation Error with docker_meta_tags
* 2091438: Use of content.count() in app/models/repository.py seems to hit an error
* 2093829: 'foreman-maintain content migration-stats' command stucks and consume all memory
* 2098221: Pulp 3 migration stats timing is too low for very large deployments
* 2141348: It appears that the egg is downloaded every time
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.9 packages that fix several bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nSecurity Fix(es):\n* tfm-rubygem-puma: http request smuggling vulnerabilities (CVE-2022-24790)\n\nThis update fixes the following bugs:\n* 2038995: When executing the content migration (pre-upgrade process), there is a PG query created by pulp that will be sitting forever\n* 2074099: The errata migration continues to fail with \"pymongo.errors.DocumentTooLarge: BSON document too large\" error even after upgrading to Satellite 6.9.8\n* 2081560: ForeignKeyViolation Error with docker_meta_tags\n* 2091438: Use of content.count() in app/models/repository.py seems to hit an error\n* 2093829: \u0027foreman-maintain content migration-stats\u0027 command stucks and consume all memory\n* 2098221: Pulp 3 migration stats timing is too low for very large deployments\n* 2141348: It appears that the egg is downloaded every time\n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8532",
"url": "https://access.redhat.com/errata/RHSA-2022:8532"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2038995",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038995"
},
{
"category": "external",
"summary": "2071616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
},
{
"category": "external",
"summary": "2074099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074099"
},
{
"category": "external",
"summary": "2081560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081560"
},
{
"category": "external",
"summary": "2091438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091438"
},
{
"category": "external",
"summary": "2093829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093829"
},
{
"category": "external",
"summary": "2098221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098221"
},
{
"category": "external",
"summary": "2141348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141348"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8532.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.9.10 Async Security Update",
"tracking": {
"current_release_date": "2024-11-22T20:58:30+00:00",
"generator": {
"date": "2024-11-22T20:58:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8532",
"initial_release_date": "2022-11-17T17:20:06+00:00",
"revision_history": [
{
"date": "2022-11-17T17:20:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-17T17:20:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T20:58:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite Capsule 6.9",
"product": {
"name": "Red Hat Satellite Capsule 6.9",
"product_id": "7Server-Capsule69",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.9::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.9",
"product": {
"name": "Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.9::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "satellite-0:6.9.10-1.el7sat.src",
"product": {
"name": "satellite-0:6.9.10-1.el7sat.src",
"product_id": "satellite-0:6.9.10-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.9.10-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src",
"product": {
"name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src",
"product_id": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-puma@4.3.12-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src",
"product": {
"name": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src",
"product_id": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pulp_2to3_migration@0.11.13-1.el7pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src",
"product": {
"name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src",
"product_id": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-foreman_rh_cloud@3.0.33-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src",
"product": {
"name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src",
"product_id": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-katello@3.18.1.55-1.el7sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "satellite-capsule-0:6.9.10-1.el7sat.noarch",
"product": {
"name": "satellite-capsule-0:6.9.10-1.el7sat.noarch",
"product_id": "satellite-capsule-0:6.9.10-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.9.10-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.9.10-1.el7sat.noarch",
"product": {
"name": "satellite-common-0:6.9.10-1.el7sat.noarch",
"product_id": "satellite-common-0:6.9.10-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.9.10-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"product": {
"name": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"product_id": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-debug-tools@6.9.10-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.9.10-1.el7sat.noarch",
"product": {
"name": "satellite-0:6.9.10-1.el7sat.noarch",
"product_id": "satellite-0:6.9.10-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.9.10-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.9.10-1.el7sat.noarch",
"product": {
"name": "satellite-cli-0:6.9.10-1.el7sat.noarch",
"product_id": "satellite-cli-0:6.9.10-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.9.10-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch",
"product": {
"name": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch",
"product_id": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-pulp-2to3-migration@0.11.13-1.el7pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch",
"product_id": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-foreman_rh_cloud@3.0.33-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch",
"product_id": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-katello@3.18.1.55-1.el7sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64",
"product": {
"name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64",
"product_id": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-puma@4.3.12-1.el7sat?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64",
"product": {
"name": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64",
"product_id": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-puma-debuginfo@4.3.12-1.el7sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9",
"product_id": "7Server-Capsule69:satellite-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.9.10-1.el7sat.src as a component of Red Hat Satellite Capsule 6.9",
"product_id": "7Server-Capsule69:satellite-0:6.9.10-1.el7sat.src"
},
"product_reference": "satellite-0:6.9.10-1.el7sat.src",
"relates_to_product_reference": "7Server-Capsule69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9",
"product_id": "7Server-Capsule69:satellite-capsule-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9",
"product_id": "7Server-Capsule69:satellite-cli-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9",
"product_id": "7Server-Capsule69:satellite-common-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9",
"product_id": "7Server-Capsule69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:python-pulp_2to3_migration-0:0.11.13-1.el7pc.src"
},
"product_reference": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch"
},
"product_reference": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:satellite-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.9.10-1.el7sat.src as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:satellite-0:6.9.10-1.el7sat.src"
},
"product_reference": "satellite-0:6.9.10-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:satellite-capsule-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:satellite-cli-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:satellite-common-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch"
},
"product_reference": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src"
},
"product_reference": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src"
},
"product_reference": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.src"
},
"product_reference": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64 as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64"
},
"product_reference": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64",
"relates_to_product_reference": "7Server-Satellite69"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64 as a component of Red Hat Satellite 6.9",
"product_id": "7Server-Satellite69:tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64"
},
"product_reference": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64",
"relates_to_product_reference": "7Server-Satellite69"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24790",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-Capsule69:satellite-0:6.9.10-1.el7sat.noarch",
"7Server-Capsule69:satellite-0:6.9.10-1.el7sat.src",
"7Server-Capsule69:satellite-capsule-0:6.9.10-1.el7sat.noarch",
"7Server-Capsule69:satellite-cli-0:6.9.10-1.el7sat.noarch",
"7Server-Capsule69:satellite-common-0:6.9.10-1.el7sat.noarch",
"7Server-Capsule69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:python-pulp_2to3_migration-0:0.11.13-1.el7pc.src",
"7Server-Satellite69:python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch",
"7Server-Satellite69:satellite-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:satellite-0:6.9.10-1.el7sat.src",
"7Server-Satellite69:satellite-capsule-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:satellite-cli-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:satellite-common-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch",
"7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src",
"7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch",
"7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2071616"
}
],
"notes": [
{
"category": "description",
"text": "A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "puma-5.6.4: http request smuggling vulnerabilities",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.src",
"7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64",
"7Server-Satellite69:tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64"
],
"known_not_affected": [
"7Server-Capsule69:satellite-0:6.9.10-1.el7sat.noarch",
"7Server-Capsule69:satellite-0:6.9.10-1.el7sat.src",
"7Server-Capsule69:satellite-capsule-0:6.9.10-1.el7sat.noarch",
"7Server-Capsule69:satellite-cli-0:6.9.10-1.el7sat.noarch",
"7Server-Capsule69:satellite-common-0:6.9.10-1.el7sat.noarch",
"7Server-Capsule69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:python-pulp_2to3_migration-0:0.11.13-1.el7pc.src",
"7Server-Satellite69:python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch",
"7Server-Satellite69:satellite-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:satellite-0:6.9.10-1.el7sat.src",
"7Server-Satellite69:satellite-capsule-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:satellite-cli-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:satellite-common-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch",
"7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch",
"7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src",
"7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch",
"7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24790"
},
{
"category": "external",
"summary": "RHBZ#2071616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790"
}
],
"release_date": "2022-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-17T17:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.9/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts",
"product_ids": [
"7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.src",
"7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64",
"7Server-Satellite69:tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.src",
"7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64",
"7Server-Satellite69:tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "puma-5.6.4: http request smuggling vulnerabilities"
}
]
}
fkie_cve-2022-24790
Vulnerability from fkie_nvd
Published
2022-03-30 22:15
Modified
2024-11-21 06:51
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9 | Issue Tracking, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/ | ||
| security-advisories@github.com | https://security.gentoo.org/glsa/202208-28 | Third Party Advisory | |
| security-advisories@github.com | https://www.debian.org/security/2022/dsa-5146 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-28 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5146 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| puma | puma | * | |
| puma | puma | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "345E03BE-2C86-4772-AA09-236D912EC708",
"versionEndExcluding": "4.3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "C0FF1252-8D38-4832-B0B0-CAEDB2E13F0B",
"versionEndExcluding": "5.6.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard."
},
{
"lang": "es",
"value": "Puma es un servidor HTTP versi\u00f3n 1.1 simple, r\u00e1pido, multihilo y paralelo para aplicaciones Ruby/Rack. Cuando es usado Puma detr\u00e1s de un proxy que no comprueba apropiadamente que la petici\u00f3n HTTP entrante coincide con el est\u00e1ndar RFC7230, Puma y el proxy del frontend pueden no estar de acuerdo en d\u00f3nde empieza y termina una petici\u00f3n. Esto permitir\u00eda contrabandear peticiones por medio del proxy del front-end a Puma. La vulnerabilidad ha sido corregida en versiones 5.6.4 y 4.3.12. Se recomienda a usuarios actualizar lo antes posible. Mitigaci\u00f3n: cuando despliegue un proxy frente a Puma, habilite todas las funciones para asegurarse de que la petici\u00f3n se ajusta al est\u00e1ndar RFC7230"
}
],
"id": "CVE-2022-24790",
"lastModified": "2024-11-21T06:51:06.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-30T22:15:08.500",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5146"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
wid-sec-w-2022-2109
Vulnerability from csaf_certbund
Published
2022-11-17 23:00
Modified
2023-03-27 22:00
Summary
Red Hat Satellite: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Satellite dient als zentrale Stelle für das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Satellite ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Satellite dient als zentrale Stelle f\u00fcr das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Satellite ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2109 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2109.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2109 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2109"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1486 vom 2023-03-28",
"url": "https://access.redhat.com/errata/RHSA-2023:1486"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8532 vom 2022-11-17",
"url": "https://access.redhat.com/errata/RHSA-2022:8532"
}
],
"source_lang": "en-US",
"title": "Red Hat Satellite: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2023-03-27T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:38:35.243+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2109",
"initial_release_date": "2022-11-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-03-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite Async \u003c 6.9.10",
"product": {
"name": "Red Hat Satellite Async \u003c 6.9.10",
"product_id": "T025367",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:async__6.9.10"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24790",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Satellite. Der Fehler besteht in der Komponente \"puma\" aufgrund eines HTTP-Request-Schmuggels. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646"
]
},
"release_date": "2022-11-17T23:00:00.000+00:00",
"title": "CVE-2022-24790"
}
]
}
gsd-2022-24790
Vulnerability from gsd
Modified
2022-03-30 00:00
Details
### Impact
When using Puma behind a proxy that does not properly validate that the
incoming HTTP request matches the RFC7230 standard, Puma and the frontend
proxy may disagree on where a request starts and ends. This would allow
requests to be smuggled via the front-end proxy to Puma.
The following vulnerabilities are addressed by this advisory:
- Lenient parsing of `Transfer-Encoding` headers, when unsupported encodings
should be rejected and the final encoding must be `chunked`.
- Lenient parsing of malformed `Content-Length` headers and chunk sizes, when
only digits and hex digits should be allowed.
- Lenient parsing of duplicate `Content-Length` headers, when they should be
rejected.
- Lenient parsing of the ending of chunked segments, when they should end
with `\r\n`.
### Patches
The vulnerability has been fixed in 5.6.4 and 4.3.12.
### Workarounds
When deploying a proxy in front of Puma, turning on any and all functionality
to make sure that the request matches the RFC7230 standard.
These proxy servers are known to have "good" behavior re: this standard and
upgrading Puma may not be necessary. Users are encouraged to validate for
themselves.
- Nginx (latest)
- Apache (latest)
- Haproxy 2.5+
- Caddy (latest)
- Traefik (latest)
### References
[HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-24790",
"description": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"id": "GSD-2022-24790",
"references": [
"https://www.suse.com/security/cve/CVE-2022-24790.html",
"https://security.archlinux.org/CVE-2022-24790",
"https://www.debian.org/security/2022/dsa-5146",
"https://access.redhat.com/errata/RHSA-2022:8532"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "puma",
"purl": "pkg:gem/puma"
}
}
],
"aliases": [
"CVE-2022-24790",
"GHSA-h99w-9q5r-gjq9"
],
"details": "### Impact\n\nWhen using Puma behind a proxy that does not properly validate that the\nincoming HTTP request matches the RFC7230 standard, Puma and the frontend\nproxy may disagree on where a request starts and ends. This would allow\nrequests to be smuggled via the front-end proxy to Puma.\n\nThe following vulnerabilities are addressed by this advisory:\n- Lenient parsing of `Transfer-Encoding` headers, when unsupported encodings\n should be rejected and the final encoding must be `chunked`.\n- Lenient parsing of malformed `Content-Length` headers and chunk sizes, when\n only digits and hex digits should be allowed.\n- Lenient parsing of duplicate `Content-Length` headers, when they should be\n rejected.\n- Lenient parsing of the ending of chunked segments, when they should end\n with `\\r\\n`.\n\n### Patches\n\nThe vulnerability has been fixed in 5.6.4 and 4.3.12.\n\n### Workarounds\n\nWhen deploying a proxy in front of Puma, turning on any and all functionality\nto make sure that the request matches the RFC7230 standard.\n\nThese proxy servers are known to have \"good\" behavior re: this standard and\nupgrading Puma may not be necessary. Users are encouraged to validate for\nthemselves.\n\n- Nginx (latest)\n- Apache (latest)\n- Haproxy 2.5+\n- Caddy (latest)\n- Traefik (latest)\n\n### References\n\n[HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)\n",
"id": "GSD-2022-24790",
"modified": "2022-03-30T00:00:00.000Z",
"published": "2022-03-30T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 9.1,
"type": "CVSS_V3"
}
],
"summary": "HTTP Request Smuggling in puma"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24790",
"STATE": "PUBLIC",
"TITLE": "HTTP Request Smuggling in puma"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "puma",
"version": {
"version_data": [
{
"version_value": "\u003c 4.3.12"
},
{
"version_value": "\u003e= 5.0.0, \u003c 5.6.4"
}
]
}
}
]
},
"vendor_name": "puma"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9",
"refsource": "CONFIRM",
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"name": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5",
"refsource": "MISC",
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
},
{
"name": "DSA-5146",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5146"
},
{
"name": "GLSA-202208-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"name": "FEDORA-2022-de968d1b6c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/"
},
{
"name": "FEDORA-2022-52d0032596",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/"
},
{
"name": "FEDORA-2022-7c8b29195f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/"
}
]
},
"source": {
"advisory": "GHSA-h99w-9q5r-gjq9",
"discovery": "UNKNOWN"
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2022-24790",
"cvss_v3": 9.1,
"date": "2022-03-30",
"description": "### Impact\n\nWhen using Puma behind a proxy that does not properly validate that the\nincoming HTTP request matches the RFC7230 standard, Puma and the frontend\nproxy may disagree on where a request starts and ends. This would allow\nrequests to be smuggled via the front-end proxy to Puma.\n\nThe following vulnerabilities are addressed by this advisory:\n- Lenient parsing of `Transfer-Encoding` headers, when unsupported encodings\n should be rejected and the final encoding must be `chunked`.\n- Lenient parsing of malformed `Content-Length` headers and chunk sizes, when\n only digits and hex digits should be allowed.\n- Lenient parsing of duplicate `Content-Length` headers, when they should be\n rejected.\n- Lenient parsing of the ending of chunked segments, when they should end\n with `\\r\\n`.\n\n### Patches\n\nThe vulnerability has been fixed in 5.6.4 and 4.3.12.\n\n### Workarounds\n\nWhen deploying a proxy in front of Puma, turning on any and all functionality\nto make sure that the request matches the RFC7230 standard.\n\nThese proxy servers are known to have \"good\" behavior re: this standard and\nupgrading Puma may not be necessary. Users are encouraged to validate for\nthemselves.\n\n- Nginx (latest)\n- Apache (latest)\n- Haproxy 2.5+\n- Caddy (latest)\n- Traefik (latest)\n\n### References\n\n[HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)\n",
"gem": "puma",
"ghsa": "h99w-9q5r-gjq9",
"patched_versions": [
"~\u003e 4.3.12",
"\u003e= 5.6.4"
],
"related": {
"url": [
"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
]
},
"title": "HTTP Request Smuggling in puma",
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c4.3.12||\u003e=5.0.0 \u003c5.6.4",
"affected_versions": "All versions before 4.3.12, all versions starting from 5.0.0 before 5.6.4",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-10-12",
"description": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"fixed_versions": [],
"identifier": "CVE-2022-24790",
"identifiers": [
"CVE-2022-24790",
"GHSA-h99w-9q5r-gjq9"
],
"not_impacted": "",
"package_slug": "gem/gitlab-puma",
"pubdate": "2022-03-30",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-24790",
"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5",
"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
],
"uuid": "d511407c-e0b0-45e0-8d87-5ca4f9ae7123"
},
{
"affected_range": "\u003c4.3.12||\u003e=5.0.0 \u003c5.6.4",
"affected_versions": "All versions before 4.3.12, all versions starting from 5.0.0 before 5.6.4",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-10-12",
"description": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.",
"fixed_versions": [
"4.3.12",
"5.6.4"
],
"identifier": "CVE-2022-24790",
"identifiers": [
"CVE-2022-24790",
"GHSA-h99w-9q5r-gjq9"
],
"not_impacted": "All versions starting from 4.3.12 before 5.0.0, all versions starting from 5.6.4",
"package_slug": "gem/puma",
"pubdate": "2022-03-30",
"solution": "Upgrade to versions 4.3.12, 5.6.4 or above.",
"title": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"urls": [
"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9",
"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5",
"https://github.com/advisories/GHSA-h99w-9q5r-gjq9"
],
"uuid": "e3fa2ba1-01ed-4de4-8bc1-8761adf07836"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24790"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
},
{
"name": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"name": "DSA-5146",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5146"
},
{
"name": "GLSA-202208-28",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"name": "FEDORA-2022-de968d1b6c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/"
},
{
"name": "FEDORA-2022-52d0032596",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/"
},
{
"name": "FEDORA-2022-7c8b29195f",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-12T13:15Z",
"publishedDate": "2022-03-30T22:15Z"
}
}
}
ghsa-h99w-9q5r-gjq9
Vulnerability from github
Published
2022-03-30 21:48
Modified
2022-08-16 19:37
Severity ?
VLAI Severity ?
Summary
Puma vulnerable to HTTP Request Smuggling
Details
When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma.
The following vulnerabilities are addressed by this advisory:
- Lenient parsing of Transfer-Encoding headers, when unsupported encodings should be rejected and the final encoding must be chunked.
- Lenient parsing of malformed Content-Length headers and chunk sizes, when only digits and hex digits should be allowed.
- Lenient parsing of duplicate Content-Length headers, when they should be rejected.
- Lenient parsing of the ending of chunked segments, when they should end with \r\n.
The vulnerability has been fixed in 5.6.4 and 4.3.12. When deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.
These proxy servers are known to have "good" behavior re: this standard and upgrading Puma may not be necessary. Users are encouraged to validate for themselves.
- Nginx (latest)
- Apache (latest)
- Haproxy 2.5+
- Caddy (latest)
- Traefik (latest)
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "puma"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "puma"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24790"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-30T21:48:50Z",
"nvd_published_at": "2022-03-30T22:15:00Z",
"severity": "CRITICAL"
},
"details": "When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma.\n\nThe following vulnerabilities are addressed by this advisory:\n- Lenient parsing of `Transfer-Encoding` headers, when unsupported encodings should be rejected and the final encoding must be `chunked`.\n- Lenient parsing of malformed `Content-Length` headers and chunk sizes, when only digits and hex digits should be allowed.\n- Lenient parsing of duplicate `Content-Length` headers, when they should be rejected.\n- Lenient parsing of the ending of chunked segments, when they should end with `\\r\\n`.\n\nThe vulnerability has been fixed in 5.6.4 and 4.3.12. When deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. \n\nThese proxy servers are known to have \"good\" behavior re: this standard and upgrading Puma may not be necessary. Users are encouraged to validate for themselves.\n\n- Nginx (latest)\n- Apache (latest)\n- Haproxy 2.5+\n- Caddy (latest)\n- Traefik (latest)",
"id": "GHSA-h99w-9q5r-gjq9",
"modified": "2022-08-16T19:37:40Z",
"published": "2022-03-30T21:48:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5"
},
{
"type": "PACKAGE",
"url": "https://github.com/puma/puma"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-24790.yml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB"
},
{
"type": "WEB",
"url": "https://portswigger.net/web-security/request-smuggling"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5146"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Puma vulnerable to HTTP Request Smuggling"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…