Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-24557 (GCVE-0-2024-24557)
Vulnerability from cvelistv5
Published
2024-02-01 16:26
Modified
2025-05-15 15:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:19:52.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
},
{
"name": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24557",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T15:20:50.514908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T15:27:27.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "moby",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.0.2"
},
{
"status": "affected",
"version": " \u003c 24.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T17:38:40.747Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
},
{
"name": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
}
],
"source": {
"advisory": "GHSA-xw73-rw38-6vjc",
"discovery": "UNKNOWN"
},
"title": "Moby classic builder cache poisoning"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24557",
"datePublished": "2024-02-01T16:26:29.685Z",
"dateReserved": "2024-01-25T15:09:40.208Z",
"dateUpdated": "2025-05-15T15:27:27.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-24557\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-02-01T17:15:10.953\",\"lastModified\":\"2024-11-21T08:59:24.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.\"},{\"lang\":\"es\",\"value\":\"Moby es un proyecto de c\u00f3digo abierto creado por Docker para permitir la contenedorizaci\u00f3n de software. El sistema de cach\u00e9 del constructor cl\u00e1sico es propenso a envenenar el cach\u00e9 si la imagen se crea DESDE scratch. Adem\u00e1s, los cambios en algunas instrucciones (las m\u00e1s importantes son HEALTHCHECK y ONBUILD) no provocar\u00edan una p\u00e9rdida de cach\u00e9. Un atacante con conocimiento del Dockerfile que alguien est\u00e1 usando podr\u00eda envenenar su cach\u00e9 al obligarlo a extraer una imagen especialmente manipulada que se considerar\u00eda como un candidato de cach\u00e9 v\u00e1lido para algunos pasos de compilaci\u00f3n. Los usuarios de 23.0+ solo se ven afectados si optaron expl\u00edcitamente por no participar en Buildkit (variable de entorno DOCKER_BUILDKIT=0) o si est\u00e1n usando el endpoint API /build. Todos los usuarios con versiones anteriores a la 23.0 podr\u00edan verse afectados. El punto final de la API de creaci\u00f3n de im\u00e1genes (/build) y la funci\u00f3n ImageBuild de github.com/docker/docker/client tambi\u00e9n se ven afectados ya que utiliza el generador cl\u00e1sico de forma predeterminada. Los parches se incluyen en las versiones 24.0.9 y 25.0.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.0,\"impactScore\":5.3},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"},{\"lang\":\"en\",\"value\":\"CWE-346\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-346\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.0.9\",\"matchCriteriaId\":\"8334C2EE-69C4-42D5-89C3-00C77A880F08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"25.0.0\",\"versionEndExcluding\":\"25.0.2\",\"matchCriteriaId\":\"D9331CA9-E92E-4D37-8C87-92F6D4418C4A\"}]}]}],\"references\":[{\"url\":\"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc\", \"name\": \"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae\", \"name\": \"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:19:52.928Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-24557\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-15T15:20:50.514908Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-15T15:27:23.013Z\"}}], \"cna\": {\"title\": \"Moby classic builder cache poisoning\", \"source\": {\"advisory\": \"GHSA-xw73-rw38-6vjc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.9, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"moby\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 25.0.0, \u003c 25.0.2\"}, {\"status\": \"affected\", \"version\": \" \u003c 24.0.9\"}]}], \"references\": [{\"url\": \"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc\", \"name\": \"https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae\", \"name\": \"https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-346\", \"description\": \"CWE-346: Origin Validation Error\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-345\", \"description\": \"CWE-345: Insufficient Verification of Data Authenticity\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-02-01T17:38:40.747Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-24557\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-15T15:27:27.082Z\", \"dateReserved\": \"2024-01-25T15:09:40.208Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-02-01T16:26:29.685Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
gsd-2024-24557
Vulnerability from gsd
Modified
2024-01-26 06:02
Details
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-24557"
],
"details": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.",
"id": "GSD-2024-24557",
"modified": "2024-01-26T06:02:26.103598Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-24557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moby",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003e= 25.0.0, \u003c 25.0.2"
},
{
"version_affected": "=",
"version_value": " \u003c 24.0.9"
}
]
}
}
]
},
"vendor_name": "moby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-346",
"lang": "eng",
"value": "CWE-346: Origin Validation Error"
}
]
},
{
"description": [
{
"cweId": "CWE-345",
"lang": "eng",
"value": "CWE-345: Insufficient Verification of Data Authenticity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
"refsource": "MISC",
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
},
{
"name": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae",
"refsource": "MISC",
"url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
}
]
},
"source": {
"advisory": "GHSA-xw73-rw38-6vjc",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8334C2EE-69C4-42D5-89C3-00C77A880F08",
"versionEndExcluding": "24.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9331CA9-E92E-4D37-8C87-92F6D4418C4A",
"versionEndExcluding": "25.0.2",
"versionStartIncluding": "25.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases."
},
{
"lang": "es",
"value": "Moby es un proyecto de c\u00f3digo abierto creado por Docker para permitir la contenedorizaci\u00f3n de software. El sistema de cach\u00e9 del constructor cl\u00e1sico es propenso a envenenar el cach\u00e9 si la imagen se crea DESDE scratch. Adem\u00e1s, los cambios en algunas instrucciones (las m\u00e1s importantes son HEALTHCHECK y ONBUILD) no provocar\u00edan una p\u00e9rdida de cach\u00e9. Un atacante con conocimiento del Dockerfile que alguien est\u00e1 usando podr\u00eda envenenar su cach\u00e9 al obligarlo a extraer una imagen especialmente manipulada que se considerar\u00eda como un candidato de cach\u00e9 v\u00e1lido para algunos pasos de compilaci\u00f3n. Los usuarios de 23.0+ solo se ven afectados si optaron expl\u00edcitamente por no participar en Buildkit (variable de entorno DOCKER_BUILDKIT=0) o si est\u00e1n usando el endpoint API /build. Todos los usuarios con versiones anteriores a la 23.0 podr\u00edan verse afectados. El punto final de la API de creaci\u00f3n de im\u00e1genes (/build) y la funci\u00f3n ImageBuild de github.com/docker/docker/client tambi\u00e9n se ven afectados ya que utiliza el generador cl\u00e1sico de forma predeterminada. Los parches se incluyen en las versiones 24.0.9 y 25.0.2."
}
],
"id": "CVE-2024-24557",
"lastModified": "2024-02-09T20:21:32.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-02-01T17:15:10.953",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
},
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
rhsa-2025:11749
Vulnerability from csaf_redhat
Published
2025-07-24 15:20
Modified
2025-08-15 03:14
Summary
Red Hat Security Advisory: Updated 8.1 container image is now available: security and bug fix update
Notes
Topic
Updated rhceph-8.1 container image is now available in the Red Hat Ecosystem Catalog.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 8.1 and Red Hat Enterprise Linux 8.10, 9.5, 9.6.
Users are directed to the Red Hat Ceph Storage Release Notes for full Red Hat Ceph Storage 8.1 Release Notes information:
https://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous security and bug fixes.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhceph-8.1 container image is now available in the Red Hat Ecosystem Catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. \n \nThis new container image is based on Red Hat Ceph Storage 8.1 and Red Hat Enterprise Linux 8.10, 9.5, 9.6. \n \nUsers are directed to the Red Hat Ceph Storage Release Notes for full Red Hat Ceph Storage 8.1 Release Notes information:\n\nhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous security and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11749",
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2262352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11749.json"
}
],
"title": "Red Hat Security Advisory: Updated 8.1 container image is now available: security and bug fix update",
"tracking": {
"current_release_date": "2025-08-15T03:14:34+00:00",
"generator": {
"date": "2025-08-15T03:14:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:11749",
"initial_release_date": "2025-07-24T15:20:25+00:00",
"revision_history": [
{
"date": "2025-07-24T15:20:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-24T15:20:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-15T03:14:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product": {
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product_id": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product_id": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product_id": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product_id": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product_id": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product": {
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product_id": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product_id": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product_id": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product_id": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le"
},
"product_reference": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
},
"product_reference": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24557",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2024-02-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262352"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a \u0027FROM scratch\u0027 in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulled and considered a valid cache candidate for some build steps.\r\nThis only affects one if using DOCKER_BUILDKIT=0 or using the /build API endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: classic builder cache poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact since attack complexity is quite high. There are multiple conditions which are required: dockerfile is configured to use a non-default setting, attacker must be aware of this information, and they must have the ability to craft a malicious cache.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24557"
},
{
"category": "external",
"summary": "RHBZ#2262352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
}
],
"release_date": "2024-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "moby: classic builder cache poisoning"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-03-03T07:00:37.175156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses `document.currentScript` as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site scripting (XSS) attacks on web pages that embed Prism and allow users to inject scriptless HTML elements, such as an `img` tag with a controlled `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53382"
},
{
"category": "external",
"summary": "RHBZ#2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382"
},
{
"category": "external",
"summary": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660",
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"category": "external",
"summary": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259",
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"release_date": "2025-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin"
},
{
"cve": "CVE-2025-22865",
"cwe": {
"id": "CWE-228",
"name": "Improper Handling of Syntactically Invalid Structure"
},
"discovery_date": "2025-01-28T02:00:52.745155+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 golang library. When using ParsePKCS1PrivateKey to parse an RSA key missing the CRT values, causes a panic when verifying the key is well formed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects only the Go 1.24 release candidates. Red Hat products do not utilize Go 1.24, except Red Hat Ceph Storage 8 which includes a Grafana container that uses Go 1.24 and is therefore affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22865"
},
{
"category": "external",
"summary": "RHBZ#2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865"
},
{
"category": "external",
"summary": "https://go.dev/cl/643098",
"url": "https://go.dev/cl/643098"
},
{
"category": "external",
"summary": "https://go.dev/issue/71216",
"url": "https://go.dev/issue/71216"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3421",
"url": "https://pkg.go.dev/vuln/GO-2025-3421"
}
],
"release_date": "2025-01-28T01:03:25.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite includes affected component however product is not directly impacted since the vulnerability arises when \"net/http\" is used as a server. Satellite uses it solely as a client, so it\u0027s not exposed to the flaw. Product Security has assessed this as Low severity.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
ghsa-xw73-rw38-6vjc
Vulnerability from github
Published
2024-02-01 20:51
Modified
2024-07-05 18:59
Severity ?
VLAI Severity ?
Summary
Classic builder cache poisoning
Details
The classic builder cache system is prone to cache poisoning if the image is built FROM scratch.
Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss.
An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.
For example, an attacker could create an image that is considered as a valid cache candidate for:
FROM scratch
MAINTAINER Pawel
when in fact the malicious image used as a cache would be an image built from a different Dockerfile.
In the second case, the attacker could for example substitute a different HEALTCHECK command.
Impact
23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint (which uses the classic builder by default).
All users on versions older than 23.0 could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.
Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default.
Patches
Patches are included in Moby releases:
- v25.0.2
- v24.0.9
- v23.0.10
Workarounds
- Use
--no-cacheor use Buildkit if possible (DOCKER_BUILDKIT=1, it's default on 23.0+ assuming that the buildx plugin is installed). - Use
Version = types.BuilderBuildKitorNoCache = trueinImageBuildOptionsforImageBuildcall.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/docker/docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "24.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/moby/moby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "24.0.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/moby/moby"
},
"ranges": [
{
"events": [
{
"introduced": "25.0.0"
},
{
"fixed": "25.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/docker/docker"
},
"ranges": [
{
"events": [
{
"introduced": "25.0.0"
},
{
"fixed": "25.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-24557"
],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-346"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-01T20:51:19Z",
"nvd_published_at": "2024-02-01T17:15:10Z",
"severity": "MODERATE"
},
"details": "The classic builder cache system is prone to cache poisoning if the image is built `FROM scratch`.\nAlso, changes to some instructions (most important being `HEALTHCHECK` and `ONBUILD`) would not cause a cache miss.\n\n\nAn attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.\n\nFor example, an attacker could create an image that is considered as a valid cache candidate for:\n```\nFROM scratch\nMAINTAINER Pawel\n```\n\nwhen in fact the malicious image used as a cache would be an image built from a different Dockerfile.\n\nIn the second case, the attacker could for example substitute a different `HEALTCHECK` command.\n\n\n### Impact\n\n23.0+ users are only affected if they explicitly opted out of Buildkit (`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API endpoint (which uses the classic builder by default).\n\nAll users on versions older than 23.0 could be impacted. An example could be a CI with a shared cache, or just a regular Docker user pulling a malicious image due to misspelling/typosquatting.\n\nImage build API endpoint (`/build`) and `ImageBuild` function from `github.com/docker/docker/client` is also affected as it the uses classic builder by default. \n\n\n### Patches\n\nPatches are included in Moby releases:\n\n- v25.0.2\n- v24.0.9\n- v23.0.10\n\n### Workarounds\n\n- Use `--no-cache` or use Buildkit if possible (`DOCKER_BUILDKIT=1`, it\u0027s default on 23.0+ assuming that the buildx plugin is installed).\n- Use `Version = types.BuilderBuildKit` or `NoCache = true` in `ImageBuildOptions` for `ImageBuild` call.\n\n",
"id": "GHSA-xw73-rw38-6vjc",
"modified": "2024-07-05T18:59:04Z",
"published": "2024-02-01T20:51:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff"
},
{
"type": "PACKAGE",
"url": "https://github.com/moby/moby"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Classic builder cache poisoning"
}
opensuse-su-2024:14287-1
Vulnerability from csaf_opensuse
Published
2024-08-25 00:00
Modified
2024-08-25 00:00
Summary
forgejo-runner-3.5.1-1.1 on GA media
Notes
Title of the patch
forgejo-runner-3.5.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the forgejo-runner-3.5.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14287
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "forgejo-runner-3.5.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the forgejo-runner-3.5.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14287",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14287-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24557 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24557/"
}
],
"title": "forgejo-runner-3.5.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-08-25T00:00:00Z",
"generator": {
"date": "2024-08-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14287-1",
"initial_release_date": "2024-08-25T00:00:00Z",
"revision_history": [
{
"date": "2024-08-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "forgejo-runner-3.5.1-1.1.aarch64",
"product": {
"name": "forgejo-runner-3.5.1-1.1.aarch64",
"product_id": "forgejo-runner-3.5.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "forgejo-runner-bash-completion-3.5.1-1.1.aarch64",
"product": {
"name": "forgejo-runner-bash-completion-3.5.1-1.1.aarch64",
"product_id": "forgejo-runner-bash-completion-3.5.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "forgejo-runner-fish-completion-3.5.1-1.1.aarch64",
"product": {
"name": "forgejo-runner-fish-completion-3.5.1-1.1.aarch64",
"product_id": "forgejo-runner-fish-completion-3.5.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.aarch64",
"product": {
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.aarch64",
"product_id": "forgejo-runner-zsh-completion-3.5.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "forgejo-runner-3.5.1-1.1.ppc64le",
"product": {
"name": "forgejo-runner-3.5.1-1.1.ppc64le",
"product_id": "forgejo-runner-3.5.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "forgejo-runner-bash-completion-3.5.1-1.1.ppc64le",
"product": {
"name": "forgejo-runner-bash-completion-3.5.1-1.1.ppc64le",
"product_id": "forgejo-runner-bash-completion-3.5.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "forgejo-runner-fish-completion-3.5.1-1.1.ppc64le",
"product": {
"name": "forgejo-runner-fish-completion-3.5.1-1.1.ppc64le",
"product_id": "forgejo-runner-fish-completion-3.5.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le",
"product": {
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le",
"product_id": "forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "forgejo-runner-3.5.1-1.1.s390x",
"product": {
"name": "forgejo-runner-3.5.1-1.1.s390x",
"product_id": "forgejo-runner-3.5.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "forgejo-runner-bash-completion-3.5.1-1.1.s390x",
"product": {
"name": "forgejo-runner-bash-completion-3.5.1-1.1.s390x",
"product_id": "forgejo-runner-bash-completion-3.5.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "forgejo-runner-fish-completion-3.5.1-1.1.s390x",
"product": {
"name": "forgejo-runner-fish-completion-3.5.1-1.1.s390x",
"product_id": "forgejo-runner-fish-completion-3.5.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.s390x",
"product": {
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.s390x",
"product_id": "forgejo-runner-zsh-completion-3.5.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "forgejo-runner-3.5.1-1.1.x86_64",
"product": {
"name": "forgejo-runner-3.5.1-1.1.x86_64",
"product_id": "forgejo-runner-3.5.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "forgejo-runner-bash-completion-3.5.1-1.1.x86_64",
"product": {
"name": "forgejo-runner-bash-completion-3.5.1-1.1.x86_64",
"product_id": "forgejo-runner-bash-completion-3.5.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "forgejo-runner-fish-completion-3.5.1-1.1.x86_64",
"product": {
"name": "forgejo-runner-fish-completion-3.5.1-1.1.x86_64",
"product_id": "forgejo-runner-fish-completion-3.5.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.x86_64",
"product": {
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.x86_64",
"product_id": "forgejo-runner-zsh-completion-3.5.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-3.5.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.aarch64"
},
"product_reference": "forgejo-runner-3.5.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-3.5.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.ppc64le"
},
"product_reference": "forgejo-runner-3.5.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-3.5.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.s390x"
},
"product_reference": "forgejo-runner-3.5.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-3.5.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.x86_64"
},
"product_reference": "forgejo-runner-3.5.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-bash-completion-3.5.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.aarch64"
},
"product_reference": "forgejo-runner-bash-completion-3.5.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-bash-completion-3.5.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.ppc64le"
},
"product_reference": "forgejo-runner-bash-completion-3.5.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-bash-completion-3.5.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.s390x"
},
"product_reference": "forgejo-runner-bash-completion-3.5.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-bash-completion-3.5.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.x86_64"
},
"product_reference": "forgejo-runner-bash-completion-3.5.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-fish-completion-3.5.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.aarch64"
},
"product_reference": "forgejo-runner-fish-completion-3.5.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-fish-completion-3.5.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.ppc64le"
},
"product_reference": "forgejo-runner-fish-completion-3.5.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-fish-completion-3.5.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.s390x"
},
"product_reference": "forgejo-runner-fish-completion-3.5.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-fish-completion-3.5.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.x86_64"
},
"product_reference": "forgejo-runner-fish-completion-3.5.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.aarch64"
},
"product_reference": "forgejo-runner-zsh-completion-3.5.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le"
},
"product_reference": "forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.s390x"
},
"product_reference": "forgejo-runner-zsh-completion-3.5.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "forgejo-runner-zsh-completion-3.5.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.x86_64"
},
"product_reference": "forgejo-runner-zsh-completion-3.5.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24557"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24557",
"url": "https://www.suse.com/security/cve/CVE-2024-24557"
},
{
"category": "external",
"summary": "SUSE Bug 1234124 for CVE-2024-24557",
"url": "https://bugzilla.suse.com/1234124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-bash-completion-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-fish-completion-3.5.1-1.1.x86_64",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.aarch64",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.ppc64le",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.s390x",
"openSUSE Tumbleweed:forgejo-runner-zsh-completion-3.5.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-24557"
}
]
}
fkie_cve-2024-24557
Vulnerability from fkie_nvd
Published
2024-02-01 17:15
Modified
2024-11-21 08:59
Severity ?
6.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae | Patch | |
| security-advisories@github.com | https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mobyproject | moby | * | |
| mobyproject | moby | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8334C2EE-69C4-42D5-89C3-00C77A880F08",
"versionEndExcluding": "24.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9331CA9-E92E-4D37-8C87-92F6D4418C4A",
"versionEndExcluding": "25.0.2",
"versionStartIncluding": "25.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases."
},
{
"lang": "es",
"value": "Moby es un proyecto de c\u00f3digo abierto creado por Docker para permitir la contenedorizaci\u00f3n de software. El sistema de cach\u00e9 del constructor cl\u00e1sico es propenso a envenenar el cach\u00e9 si la imagen se crea DESDE scratch. Adem\u00e1s, los cambios en algunas instrucciones (las m\u00e1s importantes son HEALTHCHECK y ONBUILD) no provocar\u00edan una p\u00e9rdida de cach\u00e9. Un atacante con conocimiento del Dockerfile que alguien est\u00e1 usando podr\u00eda envenenar su cach\u00e9 al obligarlo a extraer una imagen especialmente manipulada que se considerar\u00eda como un candidato de cach\u00e9 v\u00e1lido para algunos pasos de compilaci\u00f3n. Los usuarios de 23.0+ solo se ven afectados si optaron expl\u00edcitamente por no participar en Buildkit (variable de entorno DOCKER_BUILDKIT=0) o si est\u00e1n usando el endpoint API /build. Todos los usuarios con versiones anteriores a la 23.0 podr\u00edan verse afectados. El punto final de la API de creaci\u00f3n de im\u00e1genes (/build) y la funci\u00f3n ImageBuild de github.com/docker/docker/client tambi\u00e9n se ven afectados ya que utiliza el generador cl\u00e1sico de forma predeterminada. Los parches se incluyen en las versiones 24.0.9 y 25.0.2."
}
],
"id": "CVE-2024-24557",
"lastModified": "2024-11-21T08:59:24.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.3,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-01T17:15:10.953",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
},
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
wid-sec-w-2024-0272
Vulnerability from csaf_certbund
Published
2024-01-31 23:00
Modified
2025-06-22 22:00
Summary
docker: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Docker ausnutzen, um seine Privilegien zu erhöhen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen oder Dateien zu manipulieren.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Docker ist eine Open-Source-Software, die dazu verwendet werden kann, Anwendungen mithilfe von Betriebssystemvirtualisierung in Containern zu isolieren.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Docker ausnutzen, um seine Privilegien zu erh\u00f6hen, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen oder Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0272 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0272.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0272 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0272"
},
{
"category": "external",
"summary": "Docker Security Advisory vom 2024-01-31",
"url": "https://www.docker.com/blog/docker-security-advisory-multiple-vulnerabilities-in-runc-buildkit-and-moby/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0295-1 vom 2024-02-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017833.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0294-1 vom 2024-02-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017834.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-900DC7F6FF vom 2024-02-01",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-900dc7f6ff"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-9044C9EEFA vom 2024-02-01",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-9044c9eefa"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5615 vom 2024-02-04",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00022.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0670 vom 2024-02-02",
"url": "https://access.redhat.com/errata/RHSA-2024:0670"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0670 vom 2024-02-06",
"url": "http://linux.oracle.com/errata/ELSA-2024-0670.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0328-1 vom 2024-02-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017865.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0717 vom 2024-02-07",
"url": "https://access.redhat.com/errata/RHSA-2024:0717"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0752 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0752"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0756 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0756"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0764 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0764"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0757 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0757"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0759 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0759"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0666 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0666"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0645 vom 2024-02-07",
"url": "https://access.redhat.com/errata/RHSA-2024:0645"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0682 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0682"
},
{
"category": "external",
"summary": "Docker Desktop release notes vom 2024-02-08",
"url": "https://docs.docker.com/desktop/release-notes/#4272"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0760 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0760"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0662 vom 2024-02-07",
"url": "https://access.redhat.com/errata/RHSA-2024:0662"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0748 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0748"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0758 vom 2024-02-08",
"url": "https://access.redhat.com/errata/RHSA-2024:0758"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0755 vom 2024-02-09",
"url": "https://access.redhat.com/errata/RHSA-2024:0755"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0684 vom 2024-02-09",
"url": "https://access.redhat.com/errata/RHSA-2024:0684"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-17931 vom 2024-02-10",
"url": "https://linux.oracle.com/errata/ELSA-2024-17931.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12148 vom 2024-02-10",
"url": "https://linux.oracle.com/errata/ELSA-2024-12148.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:0752 vom 2024-02-12",
"url": "https://errata.build.resf.org/RLSA-2024:0752"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0459-1 vom 2024-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017910.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0748 vom 2024-02-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-0748.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-0752 vom 2024-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-0752.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3735 vom 2024-02-19",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisory PAN-SA-2024-0002 vom 2024-02-22",
"url": "https://security.paloaltonetworks.com/PAN-SA-2024-0002"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0586-1 vom 2024-02-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017990.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0587-1 vom 2024-02-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017989.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7201 vom 2024-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7201"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-039 vom 2024-03-06",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-039.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDOCKER-2024-039 vom 2024-03-06",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-039.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1270 vom 2024-03-12",
"url": "https://access.redhat.com/errata/RHSA-2024:1270"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0586-2 vom 2024-04-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018256.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-164 vom 2024-04-05",
"url": "https://www.dell.com/support/kbdoc/000223801/dsa-2024-="
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1469-1 vom 2024-04-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018439.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2988 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2988"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202407-12 vom 2024-07-05",
"url": "https://security.gentoo.org/glsa/202407-12"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202407-25 vom 2024-07-10",
"url": "https://security.gentoo.org/glsa/202407-25"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162077"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2801-1 vom 2024-08-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019134.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2801-2 vom 2024-08-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019136.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202408-25 vom 2024-08-11",
"url": "https://security.gentoo.org/glsa/202408-25"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASDOCKER-2024-044 vom 2024-08-29",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-044.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-045 vom 2024-08-29",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-045.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3120-1 vom 2024-09-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019345.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASECS-2024-041 vom 2024-09-03",
"url": "https://alas.aws.amazon.com/AL2/ALASECS-2024-041.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202409-29 vom 2024-09-28",
"url": "https://security.gentoo.org/glsa/202409-29"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2024-0282083260 vom 2024-10-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0282083260"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-1CAB90A9E7 vom 2024-10-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1cab90a9e7"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-28E375F8CA vom 2024-10-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-28e375f8ca"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-1068D5C32B vom 2024-10-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1068d5c32b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-AFA796A751 vom 2024-10-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-afa796a751"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-EE9F0F22B6 vom 2024-10-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ee9f0f22b6"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-69528C0BA6 vom 2024-10-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-69528c0ba6"
},
{
"category": "external",
"summary": "Brocade Security Advisory BSA-2024-2749 vom 2024-11-02",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25074"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10147 vom 2024-11-27",
"url": "https://access.redhat.com/errata/RHSA-2024:10149"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10520 vom 2024-12-03",
"url": "https://access.redhat.com/errata/RHSA-2024:10520"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10525 vom 2024-12-05",
"url": "https://access.redhat.com/errata/RHSA-2024:10525"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10841 vom 2024-12-12",
"url": "https://access.redhat.com/errata/RHSA-2024:10841"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14571-1 vom 2024-12-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6XZ7QNLFOMP7ZODQGCLQFRNRPEWZELNY/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0115 vom 2025-01-14",
"url": "https://access.redhat.com/errata/RHSA-2025:0115"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0226-1 vom 2025-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020191.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0650 vom 2025-01-29",
"url": "https://access.redhat.com/errata/RHSA-2025:0650"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0074-1 vom 2025-02-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MFFSKUX256PEK52RLQGT33MIN3ZQO27D/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1711 vom 2025-02-27",
"url": "https://access.redhat.com/errata/RHSA-2025:1711"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2441 vom 2025-03-13",
"url": "https://access.redhat.com/errata/RHSA-2025:2441"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2710 vom 2025-03-20",
"url": "https://access.redhat.com/errata/RHSA-2025:2710"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2701 vom 2025-03-20",
"url": "https://access.redhat.com/errata/RHSA-2025:2701"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1102-1 vom 2025-04-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020639.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7474-1 vom 2025-05-01",
"url": "https://ubuntu.com/security/notices/USN-7474-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20107-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021214.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20056-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021311.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:9340 vom 2025-06-23",
"url": "https://access.redhat.com/errata/RHSA-2025:9340"
}
],
"source_lang": "en-US",
"title": "docker: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-22T22:00:00.000+00:00",
"generator": {
"date": "2025-06-23T07:15:14.327+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0272",
"initial_release_date": "2024-01-31T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-31T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-02-01T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-02-04T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian und Red Hat aufgenommen"
},
{
"date": "2024-02-05T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2024-02-07T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-08T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-02-11T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-02-12T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-02-13T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-02-14T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-02-18T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-02-21T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Palo Alto Networks aufgenommen"
},
{
"date": "2024-02-22T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-02-27T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-05T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-04T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE und Dell aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-04T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-08-29T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2024-10-20T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von BROCADE aufgenommen"
},
{
"date": "2024-11-26T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-03T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-04T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-11T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-01-13T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-28T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-24T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-02-26T23:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-01T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-22T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "48"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.3.1a",
"product": {
"name": "Broadcom Brocade SANnav \u003c2.3.1a",
"product_id": "T038317"
}
},
{
"category": "product_version",
"name": "2.3.1a",
"product": {
"name": "Broadcom Brocade SANnav 2.3.1a",
"product_id": "T038317-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:broadcom:brocade_sannav:2.3.1a"
}
}
}
],
"category": "product_name",
"name": "Brocade SANnav"
}
],
"category": "vendor",
"name": "Broadcom"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.10.0.2",
"product": {
"name": "Dell NetWorker \u003c19.10.0.2",
"product_id": "T033910"
}
},
{
"category": "product_version",
"name": "19.10.0.2",
"product": {
"name": "Dell NetWorker 19.10.0.2",
"product_id": "T033910-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.10.0.2"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "runc \u003c1.1.12",
"product": {
"name": "Open Source docker runc \u003c1.1.12",
"product_id": "T032453"
}
},
{
"category": "product_version",
"name": "runc 1.1.12",
"product": {
"name": "Open Source docker runc 1.1.12",
"product_id": "T032453-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:docker:runc__1.1.12"
}
}
},
{
"category": "product_version_range",
"name": "BuildKit \u003c0.12.5",
"product": {
"name": "Open Source docker BuildKit \u003c0.12.5",
"product_id": "T032454"
}
},
{
"category": "product_version",
"name": "BuildKit 0.12.5",
"product": {
"name": "Open Source docker BuildKit 0.12.5",
"product_id": "T032454-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:docker:buildkit__0.12.5"
}
}
},
{
"category": "product_version_range",
"name": "Moby \u003c25.0.2",
"product": {
"name": "Open Source docker Moby \u003c25.0.2",
"product_id": "T032455"
}
},
{
"category": "product_version",
"name": "Moby 25.0.2",
"product": {
"name": "Open Source docker Moby 25.0.2",
"product_id": "T032455-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:docker:moby__25.0.2"
}
}
},
{
"category": "product_version_range",
"name": "Moby \u003c24.0.9",
"product": {
"name": "Open Source docker Moby \u003c24.0.9",
"product_id": "T032456"
}
},
{
"category": "product_version",
"name": "Moby 24.0.9",
"product": {
"name": "Open Source docker Moby 24.0.9",
"product_id": "T032456-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:docker:moby__24.0.9"
}
}
},
{
"category": "product_version_range",
"name": "Desktop \u003c4.27.1",
"product": {
"name": "Open Source docker Desktop \u003c4.27.1",
"product_id": "T032457"
}
},
{
"category": "product_version",
"name": "Desktop 4.27.1",
"product": {
"name": "Open Source docker Desktop 4.27.1",
"product_id": "T032457-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:docker:desktop__4.27.1"
}
}
},
{
"category": "product_version_range",
"name": "Desktop \u003c4.27.2",
"product": {
"name": "Open Source docker Desktop \u003c4.27.2",
"product_id": "T032605"
}
},
{
"category": "product_version",
"name": "Desktop 4.27.2",
"product": {
"name": "Open Source docker Desktop 4.27.2",
"product_id": "T032605-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:docker:desktop__4.27.2"
}
}
}
],
"category": "product_name",
"name": "docker"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "PaloAlto Networks Cortex XSOAR",
"product": {
"name": "PaloAlto Networks Cortex XSOAR",
"product_id": "T033043",
"product_identification_helper": {
"cpe": "cpe:/a:paloaltonetworks:cortex_xsoar:-"
}
}
}
],
"category": "vendor",
"name": "PaloAlto Networks"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.11",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.11",
"product_id": "T032600"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.11",
"product_id": "T032600-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.11"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.13.32",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.13.32",
"product_id": "T032601"
}
},
{
"category": "product_version",
"name": "Container Platform 4.13.32",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13.32",
"product_id": "T032601-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.13.32"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.49",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.49",
"product_id": "T032602"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.49",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.49",
"product_id": "T032602-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.49"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.11.58",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.11.58",
"product_id": "T032603"
}
},
{
"category": "product_version",
"name": "Container Platform 4.11.58",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11.58",
"product_id": "T032603-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.11.58"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.46",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.46",
"product_id": "T041462"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.46",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.46",
"product_id": "T041462-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.46"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.74",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.74",
"product_id": "T041814"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.74",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.74",
"product_id": "T041814-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.74"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.13.56",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.13.56",
"product_id": "T042009"
}
},
{
"category": "product_version",
"name": "Container Platform 4.13.56",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13.56",
"product_id": "T042009-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.13.56"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.49",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.49",
"product_id": "T042010"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.49",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.49",
"product_id": "T042010-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.49"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21626",
"product_status": {
"known_affected": [
"T032600",
"T032603",
"T038317",
"67646",
"T041814",
"T032601",
"T033910",
"T032602",
"T033043",
"T012167",
"T004914",
"T032255",
"T032453",
"74185",
"T041462",
"2951",
"T002207",
"T000126",
"T042009",
"T027843",
"398363",
"T032605",
"T042010"
]
},
"release_date": "2024-01-31T23:00:00.000+00:00",
"title": "CVE-2024-21626"
},
{
"cve": "CVE-2024-23651",
"product_status": {
"known_affected": [
"T032600",
"T032454",
"T032603",
"T038317",
"67646",
"T041814",
"T032601",
"T033910",
"T032602",
"T033043",
"T012167",
"T004914",
"T032255",
"74185",
"T041462",
"2951",
"T002207",
"T000126",
"T042009",
"T027843",
"398363",
"T032605",
"T042010"
]
},
"release_date": "2024-01-31T23:00:00.000+00:00",
"title": "CVE-2024-23651"
},
{
"cve": "CVE-2024-23652",
"product_status": {
"known_affected": [
"T032600",
"T032454",
"T032603",
"T038317",
"67646",
"T041814",
"T032601",
"T033910",
"T032602",
"T033043",
"T012167",
"T004914",
"T032255",
"74185",
"T041462",
"2951",
"T002207",
"T000126",
"T042009",
"T027843",
"398363",
"T032605",
"T042010"
]
},
"release_date": "2024-01-31T23:00:00.000+00:00",
"title": "CVE-2024-23652"
},
{
"cve": "CVE-2024-23653",
"product_status": {
"known_affected": [
"T032600",
"T032454",
"T032603",
"T038317",
"67646",
"T041814",
"T032601",
"T033910",
"T032602",
"T033043",
"T012167",
"T004914",
"T032255",
"74185",
"T041462",
"2951",
"T002207",
"T000126",
"T042009",
"T027843",
"398363",
"T032605",
"T042010"
]
},
"release_date": "2024-01-31T23:00:00.000+00:00",
"title": "CVE-2024-23653"
},
{
"cve": "CVE-2024-23650",
"product_status": {
"known_affected": [
"T032600",
"T032454",
"T032603",
"T038317",
"67646",
"T041814",
"T032601",
"T033910",
"T032602",
"T033043",
"T012167",
"T004914",
"T032255",
"74185",
"T041462",
"2951",
"T002207",
"T000126",
"T042009",
"T027843",
"398363",
"T032605",
"T042010"
]
},
"release_date": "2024-01-31T23:00:00.000+00:00",
"title": "CVE-2024-23650"
},
{
"cve": "CVE-2024-24557",
"product_status": {
"known_affected": [
"T032600",
"T032455",
"T032603",
"T038317",
"67646",
"T041814",
"T032601",
"T033910",
"T032602",
"T033043",
"T012167",
"T004914",
"T032255",
"74185",
"T041462",
"2951",
"T002207",
"T000126",
"T042009",
"T027843",
"398363",
"T032605",
"T042010"
]
},
"release_date": "2024-01-31T23:00:00.000+00:00",
"title": "CVE-2024-24557"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…